Windows Analysis Report
GoogleUpdate.exe

Overview

General Information

Sample Name: GoogleUpdate.exe
Analysis ID: 761283
MD5: e885bf92c289c674cd32f3e85ab2b922
SHA1: c0a98fd8c74d031f54fda658a1c67d8886b5e076
SHA256: 63854e78780866d2ae56a58958a1fda017a71f54b71fe70cf5403958e961862a

Detection

Score: 0
Range: 0 - 100
Whitelisted: true
Confidence: 100%

Signatures

Uses 32bit PE files
Yara signature match
Sample file is different than original file name gathered from version info
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found large amount of non-executed APIs
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

[Classification chart: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious]
  • System is w10x64
  • GoogleUpdate.exe (PID: 6088 cmdline: "C:\Users\user\Desktop\GoogleUpdate.exe" -install MD5: E885BF92C289C674CD32F3E85AB2B922)
  • GoogleUpdate.exe (PID: 3808 cmdline: "C:\Users\user\Desktop\GoogleUpdate.exe" /install MD5: E885BF92C289C674CD32F3E85AB2B922)
  • GoogleUpdate.exe (PID: 4600 cmdline: "C:\Users\user\Desktop\GoogleUpdate.exe" /load MD5: E885BF92C289C674CD32F3E85AB2B922)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
2.0.GoogleUpdate.exe.870000.0.unpack | SUSP_Unsigned_GoogleUpdate | Detects suspicious unsigned GoogleUpdate.exe | Florian Roth
1.2.GoogleUpdate.exe.870000.0.unpack | SUSP_Unsigned_GoogleUpdate | Detects suspicious unsigned GoogleUpdate.exe | Florian Roth
0.0.GoogleUpdate.exe.870000.0.unpack | SUSP_Unsigned_GoogleUpdate | Detects suspicious unsigned GoogleUpdate.exe | Florian Roth
1.0.GoogleUpdate.exe.870000.0.unpack | SUSP_Unsigned_GoogleUpdate | Detects suspicious unsigned GoogleUpdate.exe | Florian Roth
0.2.GoogleUpdate.exe.870000.0.unpack | SUSP_Unsigned_GoogleUpdate | Detects suspicious unsigned GoogleUpdate.exe | Florian Roth
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: GoogleUpdate.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: GoogleUpdate.exe, Static PE information: certificate valid
Source: GoogleUpdate.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: GoogleUpdate_unsigned.pdb, source: GoogleUpdate.exe
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_0087DB25 FindFirstFileExW, 0_2_0087DB25
Source: 2.0.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 1.2.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.0.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 1.0.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.2.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 2.2.GoogleUpdate.exe.870000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: GoogleUpdate.exe, Binary or memory string: OriginalFilename vs GoogleUpdate.exe
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00878CF0, 0_2_00878CF0
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_008786D4, 0_2_008786D4
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00883E2B, 0_2_00883E2B
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00878A46, 0_2_00878A46
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00879272, 0_2_00879272
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00878FB7, 0_2_00878FB7
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: String function: 00877A10 appears 33 times
Source: GoogleUpdate.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown, Process created: C:\Users\user\Desktop\GoogleUpdate.exe "C:\Users\user\Desktop\GoogleUpdate.exe" -install
Source: unknown, Process created: C:\Users\user\Desktop\GoogleUpdate.exe "C:\Users\user\Desktop\GoogleUpdate.exe" /install
Source: unknown, Process created: C:\Users\user\Desktop\GoogleUpdate.exe "C:\Users\user\Desktop\GoogleUpdate.exe" /load
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Code function: 0_2_00876189 LoadResource,LockResource,SizeofResource, 0_2_00876189
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Command line argument: kernel32.dll, 0_2_00876898
Source: C:\Users\user\Desktop\GoogleUpdate.exe, Command line argument: DllEntry, 0_2_00876898
Source: classification engine, Classification label: clean6.winEXE@3/0@0/0
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: GoogleUpdate.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_00884543 push ecx; ret 0_2_00884556
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_00877A56 push ecx; ret 0_2_00877A69
Source: C:\Users\user\Desktop\GoogleUpdate.exeAPI coverage: 9.2 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087DB25 FindFirstFileExW,0_2_0087DB25
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_00877825 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00877825
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087D8C7 mov eax, dword ptr fs:[00000030h]0_2_0087D8C7
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087C11B mov ecx, dword ptr fs:[00000030h]0_2_0087C11B
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087ECCC GetProcessHeap,0_2_0087ECCC
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_008779BB SetUnhandledExceptionFilter,0_2_008779BB
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_00877825 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00877825
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087755D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0087755D
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087BA61 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0087BA61
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_0087767E cpuid 0_2_0087767E
Source: C:\Users\user\Desktop\GoogleUpdate.exeCode function: 0_2_00877A6B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00877A6B
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Time Discovery (1); Security Software Discovery (2); File and Directory Discovery (1); System Information Discovery (12)
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Source | Detection | Scanner | Label
GoogleUpdate.exe | 0% | ReversingLabs |
GoogleUpdate.exe | 0% | Virustotal |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:761283
Start date and time:2022-12-06 03:14:00 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 28s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:GoogleUpdate.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Cmdline fuzzy
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean6.winEXE@3/0@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 91.5%)
  • Quality average: 77%
  • Quality standard deviation: 31%
HCA Information:
  • Successful, ratio: 93%
  • Number of executed functions: 7
  • Number of non-executed functions: 22
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.071804014291861
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:GoogleUpdate.exe
File size:168632
MD5:e885bf92c289c674cd32f3e85ab2b922
SHA1:c0a98fd8c74d031f54fda658a1c67d8886b5e076
SHA256:63854e78780866d2ae56a58958a1fda017a71f54b71fe70cf5403958e961862a
SHA512:618d0cb1e6b50716ad877616da547d45099d92c6d00158da0ee2a76cf08f13ee540d365f747a031f0da96b238acc7fc9c0996c8de3feb7753966a9458e5f2512
SSDEEP:3072:IwzvOYRt5YP/aKavT/DvbEvK9aobNI2B+hlsfni3YGByThXKBZkZN4GhQ2eRZh+p:ftiP/aK2h9H/B+rw
TLSH:FCF3F71276F8116DF4B36B30B8799B515AB9FC33DE20DB6E1684166C1E30A80DA21F77
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;...U...U...U.M.V...U.M.P...U.M.Q...U.*.Q...U.*.V...U.*.P...U.M.T...U...T...U...\...U.......U.......U...W...U.Rich..U........
Icon Hash:6863eee6b292c6ee
Entrypoint:0x407552
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x624BA128 [Tue Apr 5 01:53:44 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:b696542cade53789c2cbed09ce287013
Signature Valid:true
Signature Issuer:CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 11/7/2019 4:00:00 PM 11/16/2022 4:00:00 AM
Subject Chain
  • CN=Google LLC, O=Google LLC, L=Mountain View, S=California, C=US
Version:3
Thumbprint MD5:463BFA4FA69A9E6C4D8813CCFAAF16EE
Thumbprint SHA-1:A3958AE522F3C54B878B20D7B0F63711E08666B2
Thumbprint SHA-256:5F2F2840C6E51D17F09334ADA05D9DCDD9AEEB11AF0AE163816757D539ABE3EE
Serial:06AEA76BAC46A9E8CFE6D29E45AAF033
Instruction
call 00007F814508F4F6h
jmp 00007F814508EE0Fh
ret
push ebp
mov ebp, esp
push 00000000h
call dword ptr [00418098h]
push dword ptr [ebp+08h]
call dword ptr [00418094h]
push C0000409h
call dword ptr [0041809Ch]
push eax
call dword ptr [004180A0h]
pop ebp
ret
push ebp
mov ebp, esp
sub esp, 00000324h
push 00000017h
call 00007F814509BDF1h
test eax, eax
je 00007F814508EF97h
push 00000002h
pop ecx
int 29h
mov dword ptr [00416A40h], eax
mov dword ptr [00416A3Ch], ecx
mov dword ptr [00416A38h], edx
mov dword ptr [00416A34h], ebx
mov dword ptr [00416A30h], esi
mov dword ptr [00416A2Ch], edi
mov word ptr [00416A58h], ss
mov word ptr [00416A4Ch], cs
mov word ptr [00416A28h], ds
mov word ptr [00416A24h], es
mov word ptr [00416A20h], fs
mov word ptr [00416A1Ch], gs
pushfd
pop dword ptr [00416A50h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00416A44h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00416A48h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00416A54h], eax
mov eax, dword ptr [ebp-00000324h]
mov dword ptr [00416990h], 00010001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18150 | 0x78 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0xe220 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x25000 | 0x42b8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x28000 | 0xff4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5b70 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5bc8 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x14c | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x142d4 | 0x14400 | False | 0.5454161844135802 | data | 6.3973324411748855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x16000 | 0x1478 | 0xa00 | False | 0.15546875 | data | 2.0369645839603154 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x18000 | 0x8ee | 0xa00 | False | 0.43359375 | data | 5.065133895365981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x19000 | 0xe220 | 0xe400 | False | 0.14692982456140352 | data | 4.23554113959127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x28000 | 0xff4 | 0x1000 | False | 0.830322265625 | data | 6.539676498014965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x19d60 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States
RT_ICON | 0x19e88 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States
RT_ICON | 0x1a3f0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States
RT_ICON | 0x1a6d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x1af80 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States
RT_ICON | 0x1b5e8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States
RT_GROUP_ICON | 0x1c490 | 0x5a | data | English | United States
RT_VERSION | 0x26c50 | 0x2f0 | SysEx File - IDP | |
RT_VERSION | 0x1c7c8 | 0x31c | data | Arabic | Saudi Arabia
RT_VERSION | 0x1cae8 | 0x2ec | data | Bulgarian | Bulgaria
RT_VERSION | 0x1d0c8 | 0x2f0 | SysEx File - IDP | Catalan | Spain
RT_VERSION | 0x26680 | 0x2dc | data | Chinese | Taiwan
RT_VERSION | 0x1d3b8 | 0x30c | data | Czech | Czech Republic
RT_VERSION | 0x1d6c8 | 0x2f0 | SysEx File - IDP | Danish | Denmark
RT_VERSION | 0x1d9b8 | 0x300 | data | German | Germany
RT_VERSION | 0x1dcb8 | 0x308 | data | Greek | Greece
RT_VERSION | 0x1dfc0 | 0x2f0 | SysEx File - IDP | English | United States
RT_VERSION | 0x1f1c0 | 0x2fc | data | Finnish | Finland
RT_VERSION | 0x1f7b0 | 0x314 | data | French | France
RT_VERSION | 0x20fb0 | 0x2f4 | data | Hebrew | Israel
RT_VERSION | 0x203c0 | 0x2f4 | data | Hungarian | Hungary
RT_VERSION | 0x209a8 | 0x314 | data | Icelandic | Iceland
RT_VERSION | 0x20cc0 | 0x2f0 | SysEx File - IDP | Italian | Italy
RT_VERSION | 0x212a8 | 0x2e8 | data | Japanese | Japan
RT_VERSION | 0x21890 | 0x2e8 | data | Korean | North Korea
RT_VERSION | 0x21890 | 0x2e8 | data | Korean | South Korea
RT_VERSION | 0x22ac0 | 0x2f0 | SysEx File - IDP | Dutch | Netherlands
RT_VERSION | 0x22db0 | 0x324 | data | Norwegian | Norway
RT_VERSION | 0x230d8 | 0x2fc | data | Polish | Poland
RT_VERSION | 0x233d8 | 0x2f0 | SysEx File - IDP | Portuguese | Brazil
RT_VERSION | 0x239c0 | 0x2f0 | SysEx File - IDP | Romanian | Romania
RT_VERSION | 0x23cb0 | 0x2ec | data | Russian | Russia
RT_VERSION | 0x200a8 | 0x318 | data | Croatian | Croatia
RT_VERSION | 0x23fa0 | 0x300 | data | Slovak | Slovakia
RT_VERSION | 0x248c0 | 0x2fc | data | Swedish | Sweden
RT_VERSION | 0x254a8 | 0x2f8 | data | Thai | Thailand
RT_VERSION | 0x257a0 | 0x2fc | data | Turkish | Turkey
RT_VERSION | 0x25db0 | 0x304 | data | Urdu | Pakistan
RT_VERSION | 0x25db0 | 0x304 | data | Urdu | India
RT_VERSION | 0x206b8 | 0x2f0 | SysEx File - IDP | Indonesian | Indonesia
RT_VERSION | 0x25aa0 | 0x310 | data | Ukrainian | Ukrain
RT_VERSION | 0x242a0 | 0x30c | data | Slovenian | Slovenia
RT_VERSION | 0x1eba0 | 0x318 | data | Estonian | Estonia
RT_VERSION | 0x21e90 | 0x32c | data | Latvian | Lativa
RT_VERSION | 0x21b78 | 0x318 | data | Lithuanian | Lithuania
RT_VERSION | 0x1eeb8 | 0x304 | data | Farsi | Iran
RT_VERSION | 0x1eeb8 | 0x304 | data | Farsi | Afganistan
RT_VERSION | 0x1eeb8 | 0x304 | data | Farsi | Tajikistan
RT_VERSION | 0x1eeb8 | 0x304 | data | Farsi | Uzbekistan
RT_VERSION | 0x260b8 | 0x2f0 | SysEx File - IDP | Vietnamese | Vietnam
RT_VERSION | 0x1fdb8 | 0x2ec | data | Hindi | India
RT_VERSION | 0x227c8 | 0x2f4 | data | Malay | Malaysia
RT_VERSION | 0x24bc0 | 0x2fc | data | Swahili | Kenya
RT_VERSION | 0x24bc0 | 0x2fc | data | Swahili | Mozambiq
RT_VERSION | 0x1cdd8 | 0x2f0 | SysEx File - IDP | Bengali | India
RT_VERSION | 0x1fac8 | 0x2f0 | SysEx File - IDP | Gujarati | India
RT_VERSION | 0x26960 | 0x2ec | data | Oriya | India
RT_VERSION | 0x24ec0 | 0x2f0 | SysEx File - IDP | Tamil | India
RT_VERSION | 0x24ec0 | 0x2f0 | SysEx File - IDP | Tamil | Sri Lanka
RT_VERSION | 0x251b0 | 0x2f4 | data | Telugu | India
RT_VERSION | 0x21590 | 0x2fc | data | Kannada | Kanada
RT_VERSION | 0x221c0 | 0x318 | data | Malayalam | India
RT_VERSION | 0x224d8 | 0x2f0 | SysEx File - IDP | Marathi | India
RT_VERSION | 0x1c4f0 | 0x2d8 | data | Amharic | Ethiopia
RT_VERSION | 0x1f4c0 | 0x2f0 | SysEx File - IDP | Filipino | Philippines
RT_VERSION | 0x263a8 | 0x2d4 | data | Chinese | China
RT_VERSION | 0x1e2b0 | 0x2f0 | SysEx File - IDP | English | Great Britain
RT_VERSION | 0x1e890 | 0x30c | data | Spanish | Mexico
RT_VERSION | 0x236c8 | 0x2f8 | data | Portuguese | Portugal
RT_VERSION | 0x26f40 | 0x2dc | data | Chinese | China
RT_VERSION | 0x1e5a0 | 0x2f0 | SysEx File - IDP | |
RT_VERSION | 0x245b0 | 0x310 | data | Serbian | Cyrillic
RT_MANIFEST | 0x19780 | 0x5e0 | XML 1.0 document, ASCII text | English | United States
DLL | Import
ADVAPI32.dll | RegOpenKeyExW
KERNEL32.dll | SizeofResource, HeapFree, GetCommandLineW, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount, HeapSize, GetLastError, GetFileAttributesExW, LockResource, HeapReAlloc, RaiseException, FindResourceExW, LoadResource, FindResourceW, HeapAlloc, DecodePointer, HeapDestroy, GetProcAddress, DeleteCriticalSection, GetProcessHeap, GetModuleHandleW, FreeLibrary, LoadLibraryExW, CloseHandle, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, GetStringTypeW, SetStdHandle, IsDebuggerPresent, OutputDebugStringW, EnterCriticalSection, LeaveCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RtlUnwind, EncodePointer, ExitProcess, GetModuleHandleExW, GetStdHandle, WriteFile, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, WriteConsoleW
SHELL32.dll | SHGetFolderPathW
USER32.dll | CharLowerBuffW
SHLWAPI.dll | SHQueryValueExW, PathAppendW, PathRemoveFileSpecW
Language of compilation system | Country where language is spoken
English | United States
Arabic | Saudi Arabia
Bulgarian | Bulgaria
Catalan | Spain
Chinese | Taiwan
Czech | Czech Republic
Danish | Denmark
German | Germany
Greek | Greece
Finnish | Finland
French | France
Hebrew | Israel
Hungarian | Hungary
Icelandic | Iceland
Italian | Italy
Japanese | Japan
Korean | North Korea
Korean | South Korea
Dutch | Netherlands
Norwegian | Norway
Polish | Poland
Portuguese | Brazil
Romanian | Romania
Russian | Russia
Croatian | Croatia
Slovak | Slovakia
Swedish | Sweden
Thai | Thailand
Turkish | Turkey
Urdu | Pakistan
Urdu | India
Indonesian | Indonesia
Ukrainian | Ukrain
Slovenian | Slovenia
Estonian | Estonia
Latvian | Lativa
Lithuanian | Lithuania
Farsi | Iran
Farsi | Afganistan
Farsi | Tajikistan
Farsi | Uzbekistan
Vietnamese | Vietnam
Malay | Malaysia
Swahili | Kenya
Swahili | Mozambiq
Tamil | Sri Lanka
Kannada | Kanada
Amharic | Ethiopia
Filipino | Philippines
Chinese | China
English | Great Britain
Spanish | Mexico
Portuguese | Portugal
Serbian | Cyrillic
No network behavior found
Target ID:0
Start time:03:14:48
Start date:06/12/2022
Path:C:\Users\user\Desktop\GoogleUpdate.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\GoogleUpdate.exe" -install
Imagebase:0x870000
File size:168632 bytes
MD5 hash:E885BF92C289C674CD32F3E85AB2B922
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:1
Start time:03:14:50
Start date:06/12/2022
Path:C:\Users\user\Desktop\GoogleUpdate.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\GoogleUpdate.exe" /install
Imagebase:0x870000
File size:168632 bytes
MD5 hash:E885BF92C289C674CD32F3E85AB2B922
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:2
Start time:03:14:52
Start date:06/12/2022
Path:C:\Users\user\Desktop\GoogleUpdate.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\GoogleUpdate.exe" /load
Imagebase:0x870000
File size:168632 bytes
MD5 hash:E885BF92C289C674CD32F3E85AB2B922
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Execution Graph

Execution Coverage:2.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:2.7%
Total number of Nodes:1943
Total number of Limit Nodes:20
87fbe5 _unexpected 14 API calls 9450->9451 9452 87fc8f 9451->9452 9453 87fbe5 _unexpected 14 API calls 9452->9453 9454 87fca0 9453->9454 9455 87fbe5 _unexpected 14 API calls 9454->9455 9456 87fcae 9455->9456 9457 87fbe5 _unexpected 14 API calls 9456->9457 9458 87fcbc 9457->9458 9459 87d751 __freea 14 API calls 9458->9459 9460 87fcc7 9459->9460 9461 87d751 __freea 14 API calls 9460->9461 9462 87fcd2 9461->9462 9463 87d751 __freea 14 API calls 9462->9463 9464 87fcdd 9463->9464 9465 87d751 __freea 14 API calls 9464->9465 9465->9431 9466->9355 9468 87d466 _unexpected 41 API calls 9467->9468 9469 87e480 9468->9469 9470 87e393 ___scrt_uninitialize_crt 41 API calls 9469->9470 9471 87e48b 9470->9471 9471->9334 9473 87e0ba GetCPInfo 9472->9473 9482 87e183 9472->9482 9479 87e0d2 9473->9479 9473->9482 9475 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9477 87e23c 9475->9477 9477->9301 9483 87fd8a 9479->9483 9481 880fce 45 API calls 9481->9482 9482->9475 9484 87dd4f 41 API calls 9483->9484 9485 87fdaa 9484->9485 9503 87e730 9485->9503 9487 87fe6e 9490 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9487->9490 9488 87fe66 9506 87fe93 9488->9506 9489 87fdd7 9489->9487 9489->9488 9492 87fcee __onexit 15 API calls 9489->9492 9494 87fdfc __alloca_probe_16 ___scrt_fastfail 9489->9494 9493 87e13a 9490->9493 9492->9494 9498 880fce 9493->9498 9494->9488 9495 87e730 ___scrt_uninitialize_crt MultiByteToWideChar 9494->9495 9496 87fe47 9495->9496 9496->9488 9497 87fe52 GetStringTypeW 9496->9497 9497->9488 9499 87dd4f 41 API calls 9498->9499 9500 880fe1 9499->9500 9510 880de0 9500->9510 9504 87e741 MultiByteToWideChar 9503->9504 9504->9489 9507 87fe9f 9506->9507 9509 87feb0 9506->9509 9508 87d751 __freea 14 API calls 9507->9508 9507->9509 9508->9509 9509->9487 9511 880dfb 9510->9511 9512 87e730 ___scrt_uninitialize_crt MultiByteToWideChar 9511->9512 9516 880e41 9512->9516 9513 880fb9 9514 877061 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9513->9514 9515 87e15b 9514->9515 9515->9481 9516->9513 9517 87fcee __onexit 15 API calls 9516->9517 9519 880e67 __alloca_probe_16 9516->9519 9527 880eed 9516->9527 9517->9519 9518 87fe93 __freea 14 API calls 9518->9513 9520 87e730 ___scrt_uninitialize_crt MultiByteToWideChar 9519->9520 9519->9527 9521 880eac 9520->9521 9521->9527 9538 87ebf4 9521->9538 9524 880ede 9524->9527 9528 87ebf4 6 API calls 9524->9528 9525 880f16 9526 880fa1 9525->9526 9529 87fcee __onexit 15 API calls 9525->9529 9531 880f28 __alloca_probe_16 9525->9531 9530 87fe93 __freea 14 API calls 9526->9530 9527->9518 9528->9527 9529->9531 9530->9527 9531->9526 9532 87ebf4 6 API calls 9531->9532 9533 880f6b 9532->9533 9533->9526 9544 87e7ac 9533->9544 9535 880f85 9535->9526 9536 880f8e 9535->9536 9537 87fe93 __freea 14 API calls 9536->9537 9537->9527 9547 87e8e8 9538->9547 9542 87ec45 LCMapStringW 9543 87ec05 9542->9543 9543->9524 9543->9525 9543->9527 9546 87e7c3 WideCharToMultiByte 9544->9546 9546->9535 9548 87e9e7 _unexpected 5 API calls 9547->9548 9549 87e8fe 9548->9549 9549->9543 9550 87ec51 9549->9550 9553 87e902 9550->9553 9552 87ec5c 9552->9542 9554 87e9e7 _unexpected 5 API calls 9553->9554 9555 87e918 9554->9555 9555->9552 9556->9309 9567 87e696 9557->9567 9559 87df1f 9560 87e696 41 API calls 9559->9560 9561 87df3e 9560->9561 9562 87ded3 9561->9562 9563 87d751 __freea 14 API calls 9561->9563 9564 87def1 9562->9564 9563->9562 9581 87d8b0 LeaveCriticalSection 9564->9581 9566 87dedf 9566->9271 9568 87e6a7 9567->9568 9577 87e6a3 ___scrt_uninitialize_crt 9567->9577 9569 87e6ae 9568->9569 9572 87e6c1 ___scrt_fastfail 9568->9572 9570 87bd1b __freea 14 API calls 9569->9570 9571 87e6b3 9570->9571 9573 87bc5d ___std_exception_copy 41 API calls 9571->9573 9574 87e6ef 9572->9574 9575 87e6f8 9572->9575 9572->9577 9573->9577 9576 87bd1b __freea 14 API calls 9574->9576 9575->9577 9579 87bd1b __freea 14 API calls 9575->9579 9578 87e6f4 
9576->9578 9577->9559 9580 87bc5d ___std_exception_copy 41 API calls 9578->9580 9579->9578 9580->9577 9581->9566 9582 87d827 9583 87d832 9582->9583 9584 87eba9 6 API calls 9583->9584 9585 87d85b 9583->9585 9587 87d857 9583->9587 9584->9583 9588 87d87f 9585->9588 9589 87d88c 9588->9589 9591 87d8ab 9588->9591 9590 87d896 DeleteCriticalSection 9589->9590 9590->9590 9590->9591 9591->9587 9592 87a626 9593 87a63d 9592->9593 9594 87cebd _unexpected 41 API calls 9593->9594 9595 87a642 __FrameHandler3::FrameUnwindToState 9594->9595 9596 87a505 __InternalCxxFrameHandler 41 API calls 9595->9596 9597 87a677 __InternalCxxFrameHandler ___AdjustPointer 9596->9597 9598 87a020 RtlUnwind 9599 87ae20 9602 87b4d9 9599->9602 9603 87b4e6 9602->9603 9605 87ae2f 9602->9605 9604 87bd2e ___std_exception_destroy 14 API calls 9603->9604 9604->9605 8823 87eead 8824 87eeb2 8823->8824 8826 87eed5 8824->8826 8827 87f854 8824->8827 8828 87f883 8827->8828 8829 87f861 8827->8829 8828->8824 8830 87f86f DeleteCriticalSection 8829->8830 8831 87f87d 8829->8831 8830->8830 8830->8831 8832 87d751 __freea 14 API calls 8831->8832 8832->8828 9949 87d32d 9950 87d348 9949->9950 9951 87d338 9949->9951 9955 87d34e 9951->9955 9954 87d751 __freea 14 API calls 9954->9950 9956 87d363 9955->9956 9957 87d369 9955->9957 9958 87d751 __freea 14 API calls 9956->9958 9959 87d751 __freea 14 API calls 9957->9959 9958->9957 9960 87d375 9959->9960 9961 87d751 __freea 14 API calls 9960->9961 9962 87d380 9961->9962 9963 87d751 __freea 14 API calls 9962->9963 9964 87d38b 9963->9964 9965 87d751 __freea 14 API calls 9964->9965 9966 87d396 9965->9966 9967 87d751 __freea 14 API calls 9966->9967 9968 87d3a1 9967->9968 9969 87d751 __freea 14 API calls 9968->9969 9970 87d3ac 9969->9970 9971 87d751 __freea 14 API calls 9970->9971 9972 87d3b7 9971->9972 9973 87d751 __freea 14 API calls 9972->9973 9974 87d3c2 9973->9974 9975 87d751 __freea 14 API calls 9974->9975 9976 87d3d0 9975->9976 9981 87d17a 9976->9981 9982 87d186 
__FrameHandler3::FrameUnwindToState 9981->9982 9997 87d868 EnterCriticalSection 9982->9997 9984 87d1ba 9998 87d1d9 9984->9998 9986 87d190 9986->9984 9988 87d751 __freea 14 API calls 9986->9988 9988->9984 9989 87d1e5 9990 87d1f1 __FrameHandler3::FrameUnwindToState 9989->9990 10002 87d868 EnterCriticalSection 9990->10002 9992 87d1fb 10003 87d41b 9992->10003 9994 87d20e 10007 87d22e 9994->10007 9997->9986 10001 87d8b0 LeaveCriticalSection 9998->10001 10000 87d1c7 10000->9989 10001->10000 10002->9992 10004 87d42a _unexpected 10003->10004 10005 87d451 _unexpected 10003->10005 10004->10005 10006 87ff30 _unexpected 14 API calls 10004->10006 10005->9994 10006->10005 10010 87d8b0 LeaveCriticalSection 10007->10010 10009 87d21c 10009->9954 10010->10009 9606 883425 9607 88344d 9606->9607 9608 883485 9607->9608 9609 88347e 9607->9609 9610 883477 9607->9610 9619 8834e0 9609->9619 9615 8834f7 9610->9615 9616 883500 9615->9616 9623 88396f 9616->9623 9620 883500 9619->9620 9621 88396f __startOneArgErrorHandling 20 API calls 9620->9621 9622 883483 9621->9622 9624 8839ae __startOneArgErrorHandling 9623->9624 9628 883a30 __startOneArgErrorHandling 9624->9628 9631 883e08 9624->9631 9626 884121 __startOneArgErrorHandling 14 API calls 9627 883a65 9626->9627 9629 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9627->9629 9628->9626 9628->9627 9630 88347c 9629->9630 9632 883e2b __raise_exc RaiseException 9631->9632 9633 883e26 9632->9633 9633->9628 10011 883727 10012 883740 __startOneArgErrorHandling 10011->10012 10013 883ac1 20 API calls 10012->10013 10014 883769 __startOneArgErrorHandling 10012->10014 10013->10014 9634 882c3a IsProcessorFeaturePresent 8833 8808b0 8834 8808ea 8833->8834 8835 87bd1b __freea 14 API calls 8834->8835 8840 8808fe 8834->8840 8836 8808f3 8835->8836 8838 87bc5d ___std_exception_copy 41 API calls 8836->8838 8837 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8839 88090b 8837->8839 8838->8840 8840->8837 9760 
876fbf DeleteCriticalSection 9761 87703f 9760->9761 9762 87704e 9761->9762 9763 87bd2e ___std_exception_destroy 14 API calls 9761->9763 9763->9762 9635 87c23e 9636 87c255 9635->9636 9637 87c24e 9635->9637 9638 87c276 GetModuleFileNameW 9636->9638 9639 87c260 9636->9639 9643 87c29b 9638->9643 9640 87bd1b __freea 14 API calls 9639->9640 9641 87c265 9640->9641 9642 87bc5d ___std_exception_copy 41 API calls 9641->9642 9642->9637 9658 87c515 9643->9658 9646 87c2d1 9648 87bd1b __freea 14 API calls 9646->9648 9647 87c2dd 9649 87c2d6 9647->9649 9650 87c317 9647->9650 9648->9649 9651 87d751 __freea 14 API calls 9649->9651 9652 87c32e 9650->9652 9653 87c338 9650->9653 9651->9637 9654 87d751 __freea 14 API calls 9652->9654 9656 87d751 __freea 14 API calls 9653->9656 9655 87c336 9654->9655 9657 87d751 __freea 14 API calls 9655->9657 9656->9655 9657->9637 9659 87c526 9658->9659 9660 87c2c8 9658->9660 9659->9660 9661 87d8f8 _unexpected 14 API calls 9659->9661 9660->9646 9660->9647 9662 87c54f 9661->9662 9663 87d751 __freea 14 API calls 9662->9663 9663->9660 9764 8779c7 9765 8779fc 9764->9765 9766 8779d7 9764->9766 9766->9765 9767 87cebd _unexpected 41 API calls 9766->9767 9768 877a07 9767->9768 10015 880b49 10018 8808fe 10015->10018 10016 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10017 88090b 10016->10017 10018->10016 8627 8773c4 8632 8779bb SetUnhandledExceptionFilter 8627->8632 8629 8773c9 8633 87ce88 8629->8633 8631 8773d4 8632->8629 8634 87ce94 8633->8634 8635 87ceae 8633->8635 8634->8635 8636 87bd1b __freea 14 API calls 8634->8636 8635->8631 8637 87ce9e 8636->8637 8638 87bc5d ___std_exception_copy 41 API calls 8637->8638 8639 87cea9 8638->8639 8639->8631 9773 87f5c4 9774 87f5d1 9773->9774 9775 87d8f8 _unexpected 14 API calls 9774->9775 9776 87f5eb 9775->9776 9777 87d751 __freea 14 API calls 9776->9777 9778 87f5f7 9777->9778 9779 87f61d 9778->9779 9780 87d8f8 _unexpected 14 API calls 9778->9780 9782 87eba9 6 API calls 9779->9782 9784 87f629 
9779->9784 9785 87f687 9779->9785 9781 87f611 9780->9781 9783 87d751 __freea 14 API calls 9781->9783 9782->9779 9783->9779 9786 87adc1 9789 87adf4 9786->9789 9792 87b476 9789->9792 9793 87adcf 9792->9793 9794 87b483 ___std_exception_copy 9792->9794 9794->9793 9795 87b4b0 9794->9795 9798 87cf63 9794->9798 9797 87bd2e ___std_exception_destroy 14 API calls 9795->9797 9797->9793 9799 87cf7f 9798->9799 9800 87cf71 9798->9800 9801 87bd1b __freea 14 API calls 9799->9801 9800->9799 9805 87cf97 9800->9805 9802 87cf87 9801->9802 9803 87bc5d ___std_exception_copy 41 API calls 9802->9803 9804 87cf91 9803->9804 9804->9795 9805->9804 9806 87bd1b __freea 14 API calls 9805->9806 9806->9802 10019 876340 10020 876390 10019->10020 10021 87634e 10019->10021 10021->10020 10022 87637a HeapAlloc 10021->10022 10022->10020 10023 88234f 10025 882358 10023->10025 10024 88237f 10028 883420 10024->10028 10030 8834f7 20 API calls 10024->10030 10025->10024 10026 8823fe 10025->10026 10027 8834f7 20 API calls 10026->10027 10029 88240e 10027->10029 10031 88341e 10030->10031 8844 87a4cf 8847 87acbf 8844->8847 8848 87accd ___except_validate_context_record 8847->8848 8856 879a26 8848->8856 8851 87ad12 8855 87a4f5 8851->8855 8870 87b0c5 8851->8870 8854 87ad38 8854->8855 8873 87a75c 8854->8873 8917 879a34 8856->8917 8858 879a2b 8859 879a33 8858->8859 8860 87f0d8 _unexpected 2 API calls 8858->8860 8859->8851 8859->8854 8859->8855 8861 87cfc2 8860->8861 8862 87cfcd 8861->8862 8863 87f11d _unexpected 41 API calls 8861->8863 8864 87cfd7 IsProcessorFeaturePresent 8862->8864 8869 87cff6 8862->8869 8863->8862 8865 87cfe3 8864->8865 8867 87ba61 _unexpected 8 API calls 8865->8867 8866 87c1ec _unexpected 23 API calls 8868 87d000 8866->8868 8867->8869 8869->8866 8939 87b0dd 8870->8939 8872 87b0d8 8872->8855 8876 87a77c __FrameHandler3::FrameUnwindToState 8873->8876 8874 87cebd _unexpected 41 API calls 8875 87aafa 8874->8875 8878 879a26 _unexpected 51 API calls 8876->8878 8881 87a89e 8876->8881 8914 87a899 
8876->8914 8877 87aa60 8894 87aa5e 8877->8894 8877->8914 8979 87aafb 8877->8979 8880 87a7dc 8878->8880 8879 879a26 _unexpected 51 API calls 8879->8914 8883 87aa91 8880->8883 8885 879a26 _unexpected 51 API calls 8880->8885 8881->8877 8882 87a8e9 8881->8882 8888 87aa02 ___DestructExceptionObject 8882->8888 8964 87a15e 8882->8964 8883->8855 8887 87a7ea 8885->8887 8889 879a26 _unexpected 51 API calls 8887->8889 8890 87b1c5 IsInExceptionSpec 41 API calls 8888->8890 8888->8894 8888->8914 8895 87a7f2 8889->8895 8891 87aa58 8890->8891 8893 87aab6 8891->8893 8891->8894 8892 879a26 _unexpected 51 API calls 8896 87a83b 8892->8896 8897 879a26 _unexpected 51 API calls 8893->8897 8894->8879 8895->8892 8895->8914 8896->8881 8898 879a26 _unexpected 51 API calls 8896->8898 8899 87aabb 8897->8899 8900 87a845 8898->8900 8902 879a26 _unexpected 51 API calls 8899->8902 8903 879a26 _unexpected 51 API calls 8900->8903 8901 87a907 ___TypeMatch 8901->8888 8969 87a6dc 8901->8969 8904 87aac3 8902->8904 8905 87a850 8903->8905 8999 87a342 RtlUnwind 8904->8999 8959 87b1c5 8905->8959 8909 87aada 8911 87b0c5 __InternalCxxFrameHandler 51 API calls 8909->8911 8910 87a85c 8910->8881 8915 87a862 __InternalCxxFrameHandler ___DestructExceptionObject type_info::operator== 8910->8915 8912 87aae6 __InternalCxxFrameHandler 8911->8912 9000 87b041 8912->9000 8914->8874 8914->8883 8915->8914 8996 87b4f8 8915->8996 8918 879a40 GetLastError 8917->8918 8919 879a3d 8917->8919 8931 879d28 8918->8931 8919->8858 8922 879a74 8923 879aba SetLastError 8922->8923 8923->8858 8924 879d63 ___vcrt_FlsSetValue 6 API calls 8925 879a6e _unexpected 8924->8925 8925->8922 8926 879a96 8925->8926 8927 879d63 ___vcrt_FlsSetValue 6 API calls 8925->8927 8928 879d63 ___vcrt_FlsSetValue 6 API calls 8926->8928 8929 879aaa 8926->8929 8927->8926 8928->8929 8936 87bd2e 8929->8936 8932 879c43 try_get_function 5 API calls 8931->8932 8933 879d42 8932->8933 8934 879a55 8933->8934 8935 879d5a TlsGetValue 8933->8935 8934->8922 8934->8923 
8934->8924 8935->8934 8937 87d751 __freea 14 API calls 8936->8937 8938 87bd46 8937->8938 8938->8922 8940 87b0e9 __FrameHandler3::FrameUnwindToState 8939->8940 8941 879a26 _unexpected 51 API calls 8940->8941 8947 87b104 __CallSettingFrame@12 __FrameHandler3::FrameUnwindToState 8941->8947 8943 87b184 8945 87b189 __FrameHandler3::FrameUnwindToState 8943->8945 8953 87cebd 8943->8953 8945->8872 8947->8943 8948 87b1ab 8947->8948 8949 879a26 _unexpected 51 API calls 8948->8949 8950 87b1b0 8949->8950 8951 87b1bb 8950->8951 8952 879a26 _unexpected 51 API calls 8950->8952 8951->8943 8952->8951 8954 87cec9 __FrameHandler3::FrameUnwindToState 8953->8954 8955 87d466 _unexpected 41 API calls 8954->8955 8958 87cece 8955->8958 8956 87cfbd _unexpected 41 API calls 8957 87cef8 8956->8957 8958->8956 8960 87b259 8959->8960 8963 87b1d9 ___TypeMatch 8959->8963 8961 87cebd _unexpected 41 API calls 8960->8961 8962 87b25e 8961->8962 8963->8910 8965 87a17c 8964->8965 8966 87a1b2 8965->8966 8967 87cebd _unexpected 41 API calls 8965->8967 8966->8901 8968 87a1cd 8967->8968 8970 87a6fb 8969->8970 8971 87a6ee 8969->8971 9016 87a342 RtlUnwind 8970->9016 9012 87a643 8971->9012 8974 87a710 8975 87b0dd __FrameHandler3::FrameUnwindToState 51 API calls 8974->8975 8976 87a721 __FrameHandler3::FrameUnwindToState 8975->8976 9017 87ae7d 8976->9017 8978 87a749 __InternalCxxFrameHandler 8978->8901 8980 87ab11 8979->8980 8981 87ac26 8979->8981 8982 879a26 _unexpected 51 API calls 8980->8982 8981->8894 8983 87ab18 8982->8983 8984 87ab1f EncodePointer 8983->8984 8993 87ab5a 8983->8993 8987 879a26 _unexpected 51 API calls 8984->8987 8985 87ab77 8989 87a15e __InternalCxxFrameHandler 41 API calls 8985->8989 8986 87ac2b 8988 87cebd _unexpected 41 API calls 8986->8988 8990 87ab2d 8987->8990 8991 87ac30 8988->8991 8994 87ab8e 8989->8994 8992 87a22c CallCatchBlock 51 API calls 8990->8992 8990->8993 8992->8993 8993->8981 8993->8985 8993->8986 8994->8981 8995 87a6dc __InternalCxxFrameHandler 53 API calls 8994->8995 
8995->8994 8997 87b518 RaiseException 8996->8997 8997->8893 8999->8909 9001 87b04d __EH_prolog3_catch 9000->9001 9002 879a26 _unexpected 51 API calls 9001->9002 9003 87b052 9002->9003 9004 87b075 9003->9004 9079 87b2ec 9003->9079 9006 87cebd _unexpected 41 API calls 9004->9006 9008 87b07a 9006->9008 9013 87a64f __FrameHandler3::FrameUnwindToState 9012->9013 9031 87a505 9013->9031 9015 87a677 __InternalCxxFrameHandler ___AdjustPointer 9015->8970 9016->8974 9018 87ae89 __FrameHandler3::FrameUnwindToState 9017->9018 9038 87a3c6 9018->9038 9021 879a26 _unexpected 51 API calls 9022 87aeb5 9021->9022 9023 879a26 _unexpected 51 API calls 9022->9023 9024 87aec0 9023->9024 9025 879a26 _unexpected 51 API calls 9024->9025 9026 87aecb 9025->9026 9027 879a26 _unexpected 51 API calls 9026->9027 9028 87aed3 _CallCatchBlock2 9027->9028 9043 87afc5 9028->9043 9030 87afad 9030->8978 9032 87a511 __FrameHandler3::FrameUnwindToState 9031->9032 9033 87cebd _unexpected 41 API calls 9032->9033 9034 87a58c __InternalCxxFrameHandler ___AdjustPointer 9032->9034 9035 87a642 __FrameHandler3::FrameUnwindToState 9033->9035 9034->9015 9036 87a505 __InternalCxxFrameHandler 41 API calls 9035->9036 9037 87a677 __InternalCxxFrameHandler ___AdjustPointer 9036->9037 9037->9015 9039 879a26 _unexpected 51 API calls 9038->9039 9040 87a3d7 9039->9040 9041 879a26 _unexpected 51 API calls 9040->9041 9042 87a3e2 9041->9042 9042->9021 9052 87a3ea 9043->9052 9045 87afd6 9046 879a26 _unexpected 51 API calls 9045->9046 9047 87afdc 9046->9047 9048 879a26 _unexpected 51 API calls 9047->9048 9049 87afe7 9048->9049 9051 87b028 ___DestructExceptionObject 9049->9051 9071 87b3e1 9049->9071 9051->9030 9053 879a26 _unexpected 51 API calls 9052->9053 9054 87a3f3 9053->9054 9055 87a3fb 9054->9055 9056 87a409 9054->9056 9057 879a26 _unexpected 51 API calls 9055->9057 9058 879a26 _unexpected 51 API calls 9056->9058 9059 87a403 9057->9059 9060 87a40e 9058->9060 9059->9045 9060->9059 9061 87cebd _unexpected 41 API calls 
9060->9061 9062 87a431 9061->9062 9063 877061 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9062->9063 9064 87a446 9063->9064 9065 87a451 9064->9065 9066 87acbf __InternalCxxFrameHandler 54 API calls 9064->9066 9065->9045 9067 87a489 9066->9067 9068 87a4a0 9067->9068 9074 87a342 RtlUnwind 9067->9074 9075 87a22c 9068->9075 9072 879a26 _unexpected 51 API calls 9071->9072 9073 87b3e9 9072->9073 9073->9051 9074->9068 9076 87a24e 9075->9076 9077 87a23c 9075->9077 9078 879a26 _unexpected 51 API calls 9076->9078 9077->9065 9078->9077 9080 879a26 _unexpected 51 API calls 9079->9080 9081 87b2f2 9080->9081 9082 87cebd _unexpected 41 API calls 9081->9082 9083 87b308 9082->9083 9668 87ee4d 9669 87ee59 __FrameHandler3::FrameUnwindToState 9668->9669 9680 87d868 EnterCriticalSection 9669->9680 9671 87ee60 9672 87f889 42 API calls 9671->9672 9673 87ee6f 9672->9673 9674 87ee7e 9673->9674 9681 87ece7 GetStartupInfoW 9673->9681 9692 87eea4 9674->9692 9680->9671 9682 87ed04 9681->9682 9683 87ed98 9681->9683 9682->9683 9684 87f889 42 API calls 9682->9684 9687 87ed9d 9683->9687 9685 87ed2c 9684->9685 9685->9683 9686 87ed5c GetFileType 9685->9686 9686->9685 9688 87eda4 9687->9688 9689 87ede7 GetStdHandle 9688->9689 9690 87ee49 9688->9690 9691 87edfa GetFileType 9688->9691 9689->9688 9690->9674 9691->9688 9695 87d8b0 LeaveCriticalSection 9692->9695 9694 87ee8f 9695->9694 9084 87eccc GetProcessHeap 8697 87664b RegOpenKeyExW 8698 87667c 8697->8698 8699 876688 8697->8699 8700 876a46 15 API calls 8699->8700 8701 8766a0 SHQueryValueExW 8700->8701 8701->8698 9807 8763cb 9808 876411 9807->9808 9809 8763d6 9807->9809 9809->9808 9811 876232 9809->9811 9812 87623c HeapAlloc 9811->9812 9813 87624b 9811->9813 9814 87626f 9812->9814 9815 876254 HeapFree 9813->9815 9816 876262 HeapReAlloc 9813->9816 9814->9808 9815->9814 9816->9814 10032 876f49 10033 876f51 10032->10033 10039 876161 InitializeCriticalSectionAndSpinCount 10033->10039 10036 876f7c IsDebuggerPresent 10037 876f86 
OutputDebugStringW 10036->10037 10038 876f91 10036->10038 10037->10038 10040 87617c 10039->10040 10041 876170 GetLastError 10039->10041 10040->10036 10040->10038 10041->10040 7757 8773d6 7758 8773e2 __FrameHandler3::FrameUnwindToState 7757->7758 7783 877105 7758->7783 7760 8773e9 7761 87753c 7760->7761 7771 877413 ___scrt_is_nonwritable_in_current_image _unexpected ___scrt_release_startup_lock 7760->7771 7833 877825 IsProcessorFeaturePresent 7761->7833 7763 877543 7764 877549 7763->7764 7813 87c228 7763->7813 7837 87c1ec 7764->7837 7768 877432 7769 8774b3 7791 87793f 7769->7791 7771->7768 7771->7769 7816 87c202 7771->7816 7772 8774b9 7795 876898 GetModuleHandleW GetProcAddress 7772->7795 7775 8774ce 7822 877978 GetModuleHandleW 7775->7822 7778 8774d9 7779 8774e2 7778->7779 7824 87c1dd 7778->7824 7827 87728b 7779->7827 7784 87710e 7783->7784 7840 87767e IsProcessorFeaturePresent 7784->7840 7788 87711f 7789 877123 7788->7789 7851 879803 7788->7851 7789->7760 7918 879680 7791->7918 7794 877965 7794->7772 7796 8768b8 7795->7796 7920 8764af 7796->7920 7798 8768c4 7955 8762aa 7798->7955 7801 87694f 7963 876105 7801->7963 7804 8768d2 7805 8768f5 LoadLibraryExW 7804->7805 7806 87690d 7804->7806 7807 876911 GetProcAddress 7805->7807 7808 876908 7805->7808 7806->7775 7810 87692f FreeLibrary 7807->7810 7811 876923 GetCommandLineW 7807->7811 7961 87644c GetLastError 7808->7961 7810->7806 7811->7810 8377 87c053 7813->8377 7817 87c218 __FrameHandler3::FrameUnwindToState __onexit 7816->7817 7817->7769 8452 87d466 GetLastError 7817->8452 7819 87cfbd _unexpected 41 API calls 7820 87cef8 7819->7820 7823 8774d5 7822->7823 7823->7763 7823->7778 7825 87c053 _unexpected 23 API calls 7824->7825 7826 87c1e8 7825->7826 7826->7779 7828 877297 7827->7828 7832 8772ad 7828->7832 8479 87cbec 7828->8479 7830 8772a5 7831 879803 ___vcrt_uninitialize 8 API calls 7830->7831 7831->7832 7832->7768 7834 87783a ___scrt_fastfail 7833->7834 7835 8778e5 IsDebuggerPresent SetUnhandledExceptionFilter 
UnhandledExceptionFilter 7834->7835 7836 877930 ___scrt_fastfail 7835->7836 7836->7763 7838 87c053 _unexpected 23 API calls 7837->7838 7839 877551 7838->7839 7841 87711a 7840->7841 7842 8797da 7841->7842 7843 8797df ___vcrt_initialize_winapi_thunks 7842->7843 7859 879b14 7843->7859 7846 8797ed 7846->7788 7848 8797f5 7849 879800 7848->7849 7873 879b50 7848->7873 7849->7788 7852 87981d 7851->7852 7853 87980c 7851->7853 7852->7789 7854 879af9 ___vcrt_uninitialize_ptd 6 API calls 7853->7854 7855 879811 7854->7855 7856 879b50 ___vcrt_uninitialize_locks DeleteCriticalSection 7855->7856 7857 879816 7856->7857 7914 879e11 7857->7914 7861 879b1d 7859->7861 7862 879b46 7861->7862 7863 8797e9 7861->7863 7877 879da1 7861->7877 7864 879b50 ___vcrt_uninitialize_locks DeleteCriticalSection 7862->7864 7863->7846 7865 879ac6 7863->7865 7864->7863 7895 879cb2 7865->7895 7870 879af6 7870->7848 7872 879adb 7872->7848 7874 879b7a 7873->7874 7875 879b5b 7873->7875 7874->7846 7876 879b65 DeleteCriticalSection 7875->7876 7876->7874 7876->7876 7882 879c43 7877->7882 7879 879dbb 7880 879dd9 InitializeCriticalSectionAndSpinCount 7879->7880 7881 879dc4 7879->7881 7880->7881 7881->7861 7883 879c6b 7882->7883 7887 879c67 __crt_fast_encode_pointer 7882->7887 7883->7887 7888 879b7f 7883->7888 7886 879c85 GetProcAddress 7886->7887 7887->7879 7893 879b8e try_get_first_available_module 7888->7893 7889 879c38 7889->7886 7889->7887 7890 879bab LoadLibraryExW 7891 879bc6 GetLastError 7890->7891 7890->7893 7891->7893 7892 879c21 FreeLibrary 7892->7893 7893->7889 7893->7890 7893->7892 7894 879bf9 LoadLibraryExW 7893->7894 7894->7893 7896 879c43 try_get_function 5 API calls 7895->7896 7897 879ccc 7896->7897 7898 879ce5 TlsAlloc 7897->7898 7899 879ad0 7897->7899 7899->7872 7900 879d63 7899->7900 7901 879c43 try_get_function 5 API calls 7900->7901 7902 879d7d 7901->7902 7903 879d98 TlsSetValue 7902->7903 7904 879ae9 7902->7904 7903->7904 7904->7870 7905 879af9 7904->7905 7906 879b03 7905->7906 7908 879b09 
7905->7908 7909 879ced 7906->7909 7908->7872 7910 879c43 try_get_function 5 API calls 7909->7910 7911 879d07 7910->7911 7912 879d1f TlsFree 7911->7912 7913 879d13 7911->7913 7912->7913 7913->7908 7915 879e1a 7914->7915 7917 879e40 7914->7917 7916 879e2a FreeLibrary 7915->7916 7915->7917 7916->7915 7917->7852 7919 877952 GetStartupInfoW 7918->7919 7919->7794 7921 8762aa 45 API calls 7920->7921 7922 8764ba 7921->7922 7923 876640 7922->7923 7969 876a46 7922->7969 7924 876105 RaiseException 7923->7924 7925 87664a 7924->7925 7928 876503 7929 8762aa 45 API calls 7928->7929 7930 8765fd 7928->7930 7931 87651f 7929->7931 7930->7798 7976 876bc5 7931->7976 7933 876542 8005 876994 7933->8005 7935 876534 7996 876bee 7935->7996 7938 876540 7939 876a46 15 API calls 7938->7939 7940 876559 PathRemoveFileSpecW 7939->7940 7941 876567 7940->7941 7981 876c6d 7941->7981 7945 876599 7946 8762aa 45 API calls 7945->7946 7947 8765a6 7946->7947 7947->7923 7948 8765ae 7947->7948 7949 876a46 15 API calls 7948->7949 7950 8765d0 SHGetFolderPathW 7949->7950 7951 8765e9 7950->7951 7951->7930 8009 87695a 7951->8009 7953 8765f5 7954 87695a 16 API calls 7953->7954 7954->7930 7956 8762e1 7955->7956 7957 8762b3 GetProcessHeap 7955->7957 7959 87633b 7956->7959 7960 8772ee 44 API calls 7956->7960 8303 8772ee 7957->8303 7959->7801 7959->7804 7960->7959 7962 876456 7961->7962 7962->7806 8376 8760f0 RaiseException 7963->8376 7965 876144 7966 876105 RaiseException 7968 876160 7966->7968 7967 876125 7967->7965 7967->7966 7970 876a77 7969->7970 7971 876a52 7969->7971 7972 876105 RaiseException 7970->7972 7973 8764eb GetModuleFileNameW 7971->7973 8017 876cc0 7971->8017 7975 876a81 7972->7975 7973->7928 7977 876be3 7976->7977 7978 876528 7976->7978 7979 876105 RaiseException 7977->7979 7978->7933 7978->7935 7980 876bed 7979->7980 7982 876c78 7981->7982 7983 876c9c 7982->7983 7984 876cba 7982->7984 7987 876587 7982->7987 7985 876d17 14 API calls 7983->7985 7986 876eac RaiseException 7984->7986 7985->7987 7988 
876cbf 7986->7988 7989 8769bf 7987->7989 7990 8769d7 7989->7990 7995 8769eb 7989->7995 7991 876a0c 7990->7991 7992 8769e6 7990->7992 8123 876af3 7991->8123 7994 876c6d 15 API calls 7992->7994 7994->7995 7995->7945 8261 876ffa EnterCriticalSection 7996->8261 7998 876c51 8000 876c57 7998->8000 8270 876d8b FindResourceW 7998->8270 7999 876c19 FindResourceExW 8004 876c03 7999->8004 8000->7938 8001 876ffa 5 API calls 8001->8004 8004->7998 8004->7999 8004->8001 8266 876189 LoadResource 8004->8266 8006 8769a0 8005->8006 8007 876af3 42 API calls 8006->8007 8008 8769b8 8007->8008 8008->7938 8010 876a46 15 API calls 8009->8010 8011 876969 8010->8011 8012 876974 CharLowerBuffW 8011->8012 8013 876989 8011->8013 8014 876984 8012->8014 8015 876105 RaiseException 8013->8015 8014->7953 8016 876993 8015->8016 8018 876cd1 8017->8018 8019 876cda 8018->8019 8022 876ce4 8018->8022 8024 876e32 8019->8024 8021 876ce2 8021->7973 8022->8021 8032 876dfa 8022->8032 8025 876e51 8024->8025 8026 876ea6 8025->8026 8027 876e66 8025->8027 8043 876eac 8026->8043 8037 876d17 8027->8037 8031 876e7d 8031->8021 8033 876e0e 8032->8033 8034 876eac RaiseException 8033->8034 8036 876e21 8033->8036 8035 876e31 8034->8035 8036->8021 8038 876d29 8037->8038 8040 876d4c ___scrt_uninitialize_crt 8037->8040 8041 876d32 ___scrt_fastfail 8038->8041 8046 87bd1b 8038->8046 8040->8031 8041->8040 8042 87bd1b 14 API calls __freea 8041->8042 8042->8041 8044 876105 RaiseException 8043->8044 8045 876eb6 8044->8045 8049 87d5b7 GetLastError 8046->8049 8048 87bd20 8048->8041 8050 87d5cd 8049->8050 8054 87d5d3 8049->8054 8072 87eb28 8050->8072 8069 87d5d7 SetLastError 8054->8069 8077 87eb67 8054->8077 8058 87d61d 8061 87eb67 _unexpected 6 API calls 8058->8061 8059 87d60c 8060 87eb67 _unexpected 6 API calls 8059->8060 8062 87d61a 8060->8062 8063 87d629 8061->8063 8089 87d751 8062->8089 8064 87d644 8063->8064 8065 87d62d 8063->8065 8095 87d294 8064->8095 8068 87eb67 _unexpected 6 API calls 8065->8068 8068->8062 8069->8048 8071 

Executed Functions

Control-flow Graph

C-Code - Quality: 52%
			E00876898(void* __ecx, void* __esi, intOrPtr _a4, intOrPtr _a16) {
				intOrPtr _v0;
				char _v5;
				WCHAR* _v12;
				void* _v28;
				void* __edi;
				void* __ebp;
				_Unknown_base(*)()* _t16;
				char _t17;
				WCHAR* _t21;
				void* _t23;
				void* _t41;
				intOrPtr* _t43;
				long _t44;
				void* _t51;
				void* _t53;
				intOrPtr _t54;
				long _t55;
				struct HINSTANCE__* _t59;
				void* _t60;
				intOrPtr* _t61;
				int _t63;
				intOrPtr* _t65;
				void* _t67;
				void* _t71;

				_t60 = __esi;
				_t67 = _t71;
				_push(__ecx);
				_push(__ecx);
				_t16 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetDefaultDllDirectories");
				if(_t16 != 0) {
					 *_t16(0x800); // executed
				}
				_t17 = E008764AF(_t41); // executed
				_v5 = _t17;
				_t43 = E008762AA();
				if(_t43 == 0) {
					_push(0x80004005);
					E00876105(_t43, _t51, _t53, _t60);
					asm("int3");
					_push(_t60);
					_t61 = _t43;
					_push(_t53);
					_t54 =  *((intOrPtr*)( *_t61 - 0xc));
					_t21 = E00876A46(_t43, _t61, _t54);
					_t44 = _t54 + 1;
					if(_t44 > 0x7fffffff) {
						_push(0x80070057);
						E00876105(_t44, _t51, _t54, _t61);
						asm("int3");
						_push(_t67);
						_push(_t54);
						_t55 = _t44;
						if( *((intOrPtr*)(_t71 + 8)) != 0) {
							_t23 = E0087B565(_v0);
						} else {
							_t23 = 0;
						}
						E00876AF3(_t41, _t55, _t55, _v0, _t23);
						return _t55;
					} else {
						CharLowerBuffW(_t21, _t44);
						_push(_t54);
						L00876AC8(_t41, _t61, _t54, _t61);
						return _t61;
					}
				} else {
					_v12 =  *((intOrPtr*)( *_t43 + 0xc))() + 0x10;
					_t33 = L008766E9(_t41, _a4, _v5, _t60,  &_v12, _t53, _t60); // executed
					_t63 = _t33;
					if(_t63 >= 0) {
						_t59 = LoadLibraryExW(_v12, 0, 0);
						if(_t59 != 0) {
							_t65 = GetProcAddress(_t59, "DllEntry");
							if(_t65 == 0) {
								_t63 = 0x80004005;
							} else {
								_t63 =  *_t65(GetCommandLineW(), _a16);
							}
							_t33 = FreeLibrary(_t59);
						} else {
							_t63 = E0087644C();
						}
					}
					E00876BAA(_t33,  &_v12);
					return _t63;
				}
			}

APIs
  • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories,?,?,?,80004005,?,?,?,?,?,00000104), ref: 008768A7
  • GetProcAddress.KERNEL32(00000000), ref: 008768AE
  • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,?,?,80004005,?,?,?,?,?,00000104), ref: 008768FC
  • GetProcAddress.KERNEL32(00000000,DllEntry), ref: 00876917
  • GetCommandLineW.KERNEL32(?,?,?,?,?,80004005,?,?,?,?,?,00000104), ref: 00876926
  • FreeLibrary.KERNEL32(00000000,?,?,?,?,80004005,?,?,?,?,?,00000104), ref: 00876939
Strings
  • DllEntry, xrefs: 00876911
  • kernel32.dll, xrefs: 008768A2
  • SetDefaultDllDirectories, xrefs: 0087689D
  • goopdate.dll, xrefs: 00876782, 00876822
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: AddressLibraryProc$CommandFreeHandleLineLoadModule
  • String ID: DllEntry$SetDefaultDllDirectories$goopdate.dll$kernel32.dll
  • API String ID: 1042781669-2363133576
  • Opcode ID: 4f23e9bf2cb830acfac9449ec73027949783a8c106e0a9ee878539e9086cb625
  • Instruction ID: de3a28676d3a4cf3ff7dc421cfaa105add28dca02b9ad3c16eba65f7e2fba80e
  • Opcode Fuzzy Hash: 4f23e9bf2cb830acfac9449ec73027949783a8c106e0a9ee878539e9086cb625
  • Instruction Fuzzy Hash: E111E631940A16FBCB11A7B88C19B6E7E68FF40760F088069FA09F7259FE74C81487A1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 140 8779bb-8779c6 SetUnhandledExceptionFilter
C-Code - Quality: 100%
			E008779BB() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E008779C7); // executed
				return _t1;
			}

APIs
  • SetUnhandledExceptionFilter.KERNELBASE(Function_000079C7,008773C9), ref: 008779C0
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: ec3f3bc11ec296c4d2144461fcb1f0fe5070f591950ce11b1a0d8b9b70b8f233
  • Instruction ID: 436dbdbf9351b045e090a4a1f42ce14f282066e55a0e24b60bd2e5e0aad3bff0
  • Opcode Fuzzy Hash: ec3f3bc11ec296c4d2144461fcb1f0fe5070f591950ce11b1a0d8b9b70b8f233
  • Instruction Fuzzy Hash:
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 26 87664b-87667a RegOpenKeyExW 27 87667c 26->27 28 876688-8766c7 call 876a46 SHQueryValueExW call 876a20 26->28 29 8766e5-8766e8 27->29 30 87667e-876686 27->30 35 8766c9 28->35 36 8766d8-8766e0 28->36 30->29 37 8766d4-8766d6 35->37 38 8766cb-8766ce 35->38 36->29 37->29 38->37
C-Code - Quality: 95%
			E0087664B(signed int __ecx, char __edx) {
				void* _v8;
				int _v12;
				int _v16;
				signed int _v20;
				void* _v24;
				char _v28;
				void* __esi;
				void* __ebp;
				signed short _t17;
				int _t18;
				void* _t19;
				signed int _t26;
				char _t36;
				signed short _t37;
				signed short _t39;

				_t36 = __edx;
				_v8 = 0;
				_t17 = RegOpenKeyExW((__ecx & 0x000000ff) - 0x7fffffff, L"Software\\Google\\Update\\Clients\\{430FD4D0-B729-4F61-AA34-91526481799D}", 0, 0x20019,  &_v8); // executed
				_t39 = _t17;
				if(_t39 == 0) {
					_v20 = _v20 | 0xffffffff;
					_t18 = 0x32;
					_v12 = 0;
					_v16 = _t18;
					_v28 = _t36;
					_t19 = E00876A46(_t36, _t36, _t18);
					_v24 = _t19;
					_t37 = SHQueryValueExW(_v8, L"pv", 0,  &_v12, _t19,  &_v16);
					E00876A20( &_v28);
					__eflags = _t37;
					if(__eflags == 0) {
						asm("sbb eax, eax");
						_t26 =  ~(_v12 - 1) & 0x8000ffff;
						__eflags = _t26;
						return _t26;
					}
					if(__eflags > 0) {
						_t37 = _t37 & 0x0000ffff | 0x80070000;
						__eflags = _t37;
					}
					return _t37;
				}
				if(_t39 > 0) {
					return _t17 & 0x0000ffff | 0x80070000;
				}
				return _t17;
			}

APIs
  • RegOpenKeyExW.KERNELBASE(?,Software\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D},00000000,00020019,?), ref: 00876672
  • SHQueryValueExW.SHLWAPI(?,00875A88,00000000,?,00000000,?,00000032), ref: 008766B5
Strings
  • Software\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}, xrefs: 00876664
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: OpenQueryValue
  • String ID: Software\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
  • API String ID: 4153817207-3515202466
  • Opcode ID: 3d357544003a8f0d5b5596a16b7776221b60cbfa1ef3ecbba2337fe990d87c9a
  • Instruction ID: ed1f669f6255a238f13f4b4fbbb81152bdf90f5b25b934dbb9b223b629af491f
  • Opcode Fuzzy Hash: 3d357544003a8f0d5b5596a16b7776221b60cbfa1ef3ecbba2337fe990d87c9a
  • Instruction Fuzzy Hash: DA11C6B2D4052AAB8F20DB698D45DBFBAB8FB50710F508265B819E6194EA74CA04C7A0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 81%
			E008764AF(void* __ebx) {
				signed short _v8;
				void* _v12;
				int _v16;
				int _v20;
				signed int _v24;
				WCHAR* _v28;
				char _v32;
				void* _v44;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t56;
				signed short _t61;
				int _t62;
				void* _t63;
				WCHAR* _t74;
				void* _t76;
				signed int _t85;
				void* _t90;
				intOrPtr* _t92;
				void* _t93;
				WCHAR* _t96;
				void* _t97;
				signed int _t104;
				signed char _t106;
				char _t131;
				signed int _t134;
				void* _t140;
				char _t141;
				signed short _t142;
				long _t145;
				signed short _t147;

				_t56 = E008762AA();
				if(_t56 == 0) {
					L19:
					_push(0x80004005);
					E00876105(_t106, _t131, _t134, _t140);
					asm("int3");
					_push(_t140);
					_push(_t134);
					_t141 = _t131;
					_v44 = 0;
					_t61 = RegOpenKeyExW((_t106 & 0x000000ff) - 0x7fffffff, L"Software\\Google\\Update\\Clients\\{430FD4D0-B729-4F61-AA34-91526481799D}", 0, 0x20019,  &_v44); // executed
					__eflags = _t61;
					if(__eflags == 0) {
						_v24 = _v24 | 0xffffffff;
						_t62 = 0x32;
						_v16 = 0;
						_v20 = _t62;
						_v32 = _t141;
						_t63 = E00876A46(_t141, _t141, _t62);
						_v28 = _t63;
						_t142 = SHQueryValueExW(_v12, L"pv", 0,  &_v16, _t63,  &_v20);
						E00876A20( &_v32);
						__eflags = _t142;
						if(__eflags == 0) {
							asm("sbb eax, eax");
							_t61 =  ~(_v16 - 1) & 0x8000ffff;
							__eflags = _t61;
						} else {
							if(__eflags > 0) {
								_t142 = _t142 & 0x0000ffff | 0x80070000;
								__eflags = _t142;
							}
							_t61 = _t142;
						}
					} else {
						if(__eflags > 0) {
							_t61 = _t61 & 0x0000ffff | 0x80070000;
						}
					}
					return _t61;
				} else {
					_t131 =  *_t56;
					_v8 =  *((intOrPtr*)(_t131 + 0xc))(_t134, _t140, __ebx) + 0x10;
					_t134 = _t134 | 0xffffffff;
					_v24 = _t134;
					_v32 =  &_v8;
					_t74 = E00876A46( &_v8, _t140, 0x104);
					_t104 = 0;
					_v28 = _t74;
					_t145 = GetModuleFileNameW(0, _t74, 0x104);
					_t76 = E00876A20( &_v32);
					if(_t145 == 0 || _t145 > 0x104) {
						L18:
						E00876BAA(_t76,  &_v8);
						return _t104;
					} else {
						_t147 = _v8;
						E00876BC5( &_v12, _t131, _t134, E008762AA());
						if(_t147 == 0 || (_t147 & 0xffff0000) != 0) {
							E00876994( &_v12, _t147);
						} else {
							E00876BEE( &_v12, _t147 & 0x0000ffff);
						}
						PathRemoveFileSpecW(E00876A46( &_v12, _t147,  *((intOrPtr*)(_v12 - 0xc))));
						_t140 = _v12;
						if(_t140 != 0) {
							_t85 = E0087B68D(_t140,  *((intOrPtr*)(_t140 - 8)));
						} else {
							_t85 = _t104;
						}
						L00876AC8(_t104,  &_v12, _t134, _t140);
						_v20 = E00876C6D(_t140 - 0x10, _t85) + 0x10;
						_t90 = E008769BF( &_v8,  &_v20);
						_t106 =  &_v20;
						E00876BAA(_t90, _t106);
						_t92 = E008762AA();
						if(_t92 == 0) {
							goto L19;
						} else {
							_t93 =  *((intOrPtr*)( *_t92 + 0xc))();
							_v24 = _t134;
							_v16 = _t93 + 0x10;
							_v32 =  &_v16;
							_t96 = E00876A46( &_v16, _t140, 0x104);
							_v28 = _t96;
							__imp__SHGetFolderPathW(_t104, 0x26, _t104, _t104, _t96); // executed
							_t148 = _t96;
							_t97 = E00876A20( &_v32);
							if(_t96 >= 0) {
								E0087695A( &_v16, _t148);
								_t97 = E0087695A( &_v8, _t148);
								_t133 = _v16;
								if(_v16 != 0) {
									_t129 = _v8;
									if( *((intOrPtr*)(_v8 - 0xc)) >= _t104) {
										_t97 = E00876EB7(_t129, _t133);
										if(_t97 != 0) {
											_t134 = _t97 - _v8 >> 1;
										}
									}
								}
								_t104 = _t104 & 0xffffff00 | _t134 == 0x00000000;
							}
							_t76 = E00876BAA(E00876BAA(_t97,  &_v16),  &_v12);
							goto L18;
						}
					}
				}
			}

APIs
    • Part of subcall function 008762AA: GetProcessHeap.KERNEL32(008764BA), ref: 008762BB
  • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104), ref: 008764F3
  • PathRemoveFileSpecW.SHLWAPI(00000000,?,?,00000000), ref: 0087655A
  • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00000000,00000104), ref: 008765D9
    • Part of subcall function 00876BEE: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,00000000,?,?,80004005,?,?,00876528,00000000), ref: 00876C1F
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: FilePath$FindFolderHeapModuleNameProcessRemoveResourceSpec
  • String ID:
  • API String ID: 376116136-0
  • Opcode ID: 998562b46c2aed0a7a20203423f1ed6de4047d7ef750a98e3b06162bf292139e
  • Instruction ID: be8fdffa17aeb9af4b8f9384ae12738a6c8fc62b2d5b46ad40e6615886b472a9
  • Opcode Fuzzy Hash: 998562b46c2aed0a7a20203423f1ed6de4047d7ef750a98e3b06162bf292139e
  • Instruction Fuzzy Hash: 20417171D009199BCF04EBA8C8959EEBB78FF50310B50C169E919E7289FB30DA25DB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 100%
			E0087C0EA(int _a4) {
				void* _t8;
				void* _t10;

				if(E0087C11B(_t8, _t10) != 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E0087C13D(_a4);
				ExitProcess(_a4);
			}

APIs
  • GetCurrentProcess.KERNEL32(FFFFFFD8,?,0087C0E4,00884D18,0087BA60,?,FFFFFFD8,0B2D62B2,0087BA60,FFFFFFD8), ref: 0087C0FB
  • TerminateProcess.KERNEL32(00000000,?,0087C0E4,00884D18,0087BA60,?,FFFFFFD8,0B2D62B2,0087BA60,FFFFFFD8), ref: 0087C102
  • ExitProcess.KERNEL32 ref: 0087C114
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: 2a610adb6b0d073f22e5b8a3db7f3094d85e71b080c03f7658c11e7c125aa81c
  • Instruction ID: 504b69825aadeab3631944fbafa1206443e18203b04f63ae165a3751afeaa048
  • Opcode Fuzzy Hash: 2a610adb6b0d073f22e5b8a3db7f3094d85e71b080c03f7658c11e7c125aa81c
  • Instruction Fuzzy Hash: B1D06C71000548EFCF016F68DC0A9593F2AFB40381B948028B91D8A126CF35D9969BA2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 100%
			E0087E89A() {
				WCHAR* _t1;
				void* _t3;
				void* _t17;
				WCHAR* _t19;

				_t1 = GetEnvironmentStringsW();
				_t19 = _t1;
				if(_t19 != 0) {
					_t11 = E0087E863(_t19) - _t19 & 0xfffffffe;
					_t3 = E0087FCEE(E0087E863(_t19) - _t19 & 0xfffffffe); // executed
					_t17 = _t3;
					if(_t17 != 0) {
						E00878160(_t17, _t19, _t11);
					}
					E0087D751(0);
					FreeEnvironmentStringsW(_t19);
					return _t17;
				} else {
					return _t1;
				}
			}

APIs
  • GetEnvironmentStringsW.KERNEL32(?,0087C581), ref: 0087E89D
  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,0087C581), ref: 0087E8DC
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: EnvironmentStrings$Free
  • String ID:
  • API String ID: 3328510275-0
  • Opcode ID: 60932b6c619ab40e810d9373a5fdc45c0771ea2a1437220ffeca78a109aa1f99
  • Instruction ID: 02eedbe1ce59cdee8ded2b276ef2ad1ecff5e2ade81f87ecc6d1fbc81b85c35d
  • Opcode Fuzzy Hash: 60932b6c619ab40e810d9373a5fdc45c0771ea2a1437220ffeca78a109aa1f99
  • Instruction Fuzzy Hash: D5E09B7B609625669122327DBCCE99B2619EFC66717154175F819D528ADE20CC0341F3
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 125 87fcee-87fcfa 126 87fd2c-87fd37 call 87bd1b 125->126 127 87fcfc-87fcfe 125->127 134 87fd39-87fd3b 126->134 129 87fd17-87fd28 RtlAllocateHeap 127->129 130 87fd00-87fd01 127->130 131 87fd03-87fd0a call 87ce81 129->131 132 87fd2a 129->132 130->129 131->126 137 87fd0c-87fd15 call 87ef81 131->137 132->134 137->126 137->129
C-Code - Quality: 100%
			E0087FCEE(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E0087BD1B())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x8871e0, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E0087CE81();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E0087EF81(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

APIs
  • RtlAllocateHeap.NTDLL(00000000,00000000,0087CADD,?,0087D7D3,00884D18,00000000,?,0087BD92,00000000,0087CADD,0088743C,?,00887438,?,0087C8D7), ref: 0087FD20
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: AllocateHeap
  • String ID:
  • API String ID: 1279760036-0
  • Opcode ID: 96776bf13b55ba55da263dcfb3a878e58d4a396c3534b95d0c5a37dfa022b0c0
  • Instruction ID: 9509d2120f6658881ad0bfdb1f538ca5b4ef9cb228e56a9ad2010e611a14db1a
  • Opcode Fuzzy Hash: 96776bf13b55ba55da263dcfb3a878e58d4a396c3534b95d0c5a37dfa022b0c0
  • Instruction Fuzzy Hash: BCE0A93210062996EB30263B9C00B5A3E59FF013B0F2A8231FA0DD209BCB64CC0182E2
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

C-Code - Quality: 79%
			E0087BA61(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x886008; // 0xb2d62b2
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00877A08(_t41);
					_pop(_t62);
				}
				E00879680(_t67,  &_v804, 0, 0x50);
				E00879680(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0xc3e90088
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x884d1c
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0x7454b9c3
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x8868e0
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xff2292e9
				_v800 =  *_t32;
				_t34 =  &_v0; // 0xc3e90088
				_v792 =  *_t34;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x8849f0
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0xb9ffff14
					_push( *_t38);
					E00877A08(_t57);
				}
				_t39 =  &_v8; // 0xffff57b7
				return E00877061( *_t39 ^ _t70);
			}

APIs
  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0087BB59
  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0087BB63
  • UnhandledExceptionFilter.KERNEL32(008849F0,?,?,?,?,?,00000000), ref: 0087BB70
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$DebuggerPresent
  • String ID:
  • API String ID: 3906539128-0
  • Opcode ID: 7c149342a4a8950c8251fe6fb7ac7321ab94e7678481af1debae3dcb5fdab1ba
  • Instruction ID: 6e7b6004c02726252d0c2e384f48eb7dc7b8a396080dd974dc55e9ebf213134e
  • Opcode Fuzzy Hash: 7c149342a4a8950c8251fe6fb7ac7321ab94e7678481af1debae3dcb5fdab1ba
  • Instruction Fuzzy Hash: 0831B57490122C9BCB21DF68DC89B8CB7B8FF08310F5045EAE41CA6250E7709F858F45
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00876189(struct HINSTANCE__* __ecx, struct HRSRC__* __edx, signed int _a4) {
				void* _t5;
				struct HINSTANCE__* _t11;
				void* _t13;
				signed int _t16;
				struct HRSRC__* _t17;
				signed short* _t18;

				_t17 = __edx;
				_t11 = __ecx;
				_t5 = LoadResource(__ecx, __edx);
				if(_t5 == 0) {
					L8:
					return 0;
				}
				_t18 = LockResource(_t5);
				if(_t18 == 0) {
					goto L8;
				}
				_t13 = _t18 + SizeofResource(_t11, _t17);
				_t16 = _a4 & 0x0000000f;
				if(_t16 <= 0) {
					L5:
					if(_t18 >= _t13 ||  *_t18 == 0) {
						goto L8;
					} else {
						return _t18;
					}
				}
				while(_t18 < _t13) {
					_t18 =  &(( &(_t18[ *_t18 & 0x0000ffff]))[1]);
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L5;
				}
				goto L8;
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: Resource$LoadLockSizeof
  • String ID:
  • API String ID: 2853612939-0
  • Opcode ID: aae94542aa4d4391ab211fb68bedf51fce65073d4cf97ad2886009946c6528b8
  • Instruction ID: 8faba221bc776bf6f5dd857389e38a45a999aae5cccfe4e65492e6836d2fb805
  • Opcode Fuzzy Hash: aae94542aa4d4391ab211fb68bedf51fce65073d4cf97ad2886009946c6528b8
  • Instruction Fuzzy Hash: 00F0C232A04A359F8B311A299C4C867B7ACFB80756389842AEC4DD311EFE70DD5493B0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00883E2B(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E00881F1B(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E00881E87(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}

APIs
  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00883E26,?,?,00000008,?,?,00883A30,00000000), ref: 00884058
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: ExceptionRaise
  • String ID:
  • API String ID: 3997070919-0
  • Opcode ID: 6daa623f8a76d5b9f25d517a96c17f8963cf08dde66e0146376ad3ddd8d51f8f
  • Instruction ID: 99a2f67a10dc652b3513d5d2f23fb935cf8725df2948352c2060c3358002e403
  • Opcode Fuzzy Hash: 6daa623f8a76d5b9f25d517a96c17f8963cf08dde66e0146376ad3ddd8d51f8f
  • Instruction Fuzzy Hash: 96B16D32610609CFD718DF28C48AB657BF0FF45364F258658E99ACF2A1C735EA82CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 69%
			E0087DB25(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				char* _v28;
				signed short* _v32;
				WCHAR* _v36;
				signed int _v48;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				signed int _v612;
				signed int _v616;
				intOrPtr _v620;
				char* _v648;
				intOrPtr _t44;
				void* _t49;
				signed int _t52;
				signed char _t54;
				void* _t63;
				intOrPtr _t65;
				int _t70;
				void* _t86;
				void* _t88;
				void* _t92;
				union _FINDEX_INFO_LEVELS _t93;
				intOrPtr* _t94;
				void* _t96;
				intOrPtr* _t99;
				intOrPtr _t102;
				void* _t104;
				char* _t105;
				void* _t113;
				signed short* _t114;
				signed int _t120;
				WCHAR* _t121;
				intOrPtr _t123;
				void* _t126;
				void* _t132;
				signed int _t133;
				void* _t134;

				_push(__ecx);
				_t99 = _a4;
				_push(__ebx);
				_push(__edi);
				_t2 = _t99 + 2; // 0x2
				_t113 = _t2;
				do {
					_t44 =  *_t99;
					_t99 = _t99 + 2;
				} while (_t44 != 0);
				_t120 = _a12;
				_t102 = (_t99 - _t113 >> 1) + 1;
				_v8 = _t102;
				if(_t102 <=  !_t120) {
					_push(__esi);
					_t5 = _t120 + 1; // 0x1
					_t92 = _t5 + _t102;
					_t126 = E0087D8F8(_t92, 2);
					_pop(_t104);
					if(_t120 == 0) {
						L7:
						_push(_v8);
						_t92 = _t92 - _t120;
						_t49 = E0087F7CE(_t104, _t126 + _t120 * 2, _t92, _a4);
						_t133 = _t132 + 0x10;
						if(_t49 != 0) {
							goto L12;
						} else {
							_t123 = _a16;
							_t96 = E0087DE1E(_t123);
							if(_t96 == 0) {
								 *((intOrPtr*)( *((intOrPtr*)(_t123 + 4)))) = _t126;
								 *((intOrPtr*)(_t123 + 4)) =  *((intOrPtr*)(_t123 + 4)) + 4;
								_t96 = 0;
							} else {
								E0087D751(_t126);
							}
							E0087D751(0);
							_t86 = _t96;
							goto L4;
						}
					} else {
						_push(_t120);
						_t88 = E0087F7CE(_t104, _t126, _t92, _a8);
						_t133 = _t132 + 0x10;
						if(_t88 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0087BC6D();
							asm("int3");
							_t131 = _t133;
							_t134 = _t133 - 0x264;
							_t52 =  *0x886008; // 0xb2d62b2
							_v48 = _t52 ^ _t133;
							_t114 = _v32;
							_t105 = _v28;
							_push(_t92);
							_push(_t126);
							_push(_t120);
							_t121 = _v36;
							_v648 = _t105;
							if(_t114 != _t121) {
								while(E0087DDFA( *_t114 & 0x0000ffff) == 0) {
									_t114 = _t114 - 2;
									if(_t114 != _t121) {
										continue;
									}
									break;
								}
								_t105 = _v612;
							}
							_t127 =  *_t114 & 0x0000ffff;
							if(( *_t114 & 0x0000ffff) != 0x3a || _t114 ==  &(_t121[1])) {
								_t105 =  &_v605;
								_t54 = E0087DDFA(_t127);
								asm("sbb eax, eax");
								_t93 = 0;
								_v616 =  ~(_t54 & 0x000000ff) & (_t114 - _t121 >> 0x00000001) + 0x00000001;
								_t127 = FindFirstFileExW(_t121, 0,  &_v604, 0, 0, 0);
								if(_t127 != 0xffffffff) {
									_t94 = _v612;
									_v612 =  *((intOrPtr*)(_t94 + 4)) -  *_t94 >> 2;
									_t63 = 0x2e;
									do {
										if(_v604.cFileName != _t63 || _v558 != 0 && (_v558 != _t63 || _v556 != 0)) {
											_push(_t94);
											_t65 = E0087DB25(_t94, _t105, _t121, _t127,  &(_v604.cFileName), _t121, _v616);
											_t134 = _t134 + 0x10;
											_v620 = _t65;
											if(_t65 != 0) {
												FindClose(_t127);
											} else {
												goto L29;
											}
										} else {
											goto L29;
										}
										goto L34;
										L29:
										_t70 = FindNextFileW(_t127,  &_v604);
										_t63 = 0x2e;
									} while (_t70 != 0);
									_t118 =  *_t94;
									_t108 = _v612;
									_t73 =  *((intOrPtr*)(_t94 + 4)) -  *_t94 >> 2;
									if(_v612 !=  *((intOrPtr*)(_t94 + 4)) -  *_t94 >> 2) {
										E008808B0(_t94, _t121, _t127, _t118 + _t108 * 4, _t73 - _t108, 4, E0087D955);
									}
									FindClose(_t127);
								} else {
									_push(_v612);
									goto L20;
								}
							} else {
								_push(_t105);
								_t93 = 0;
								L20:
								E0087DB25(_t93, _t105, _t121, _t127, _t121, _t93, _t93);
							}
							L34:
							return E00877061(_v12 ^ _t131);
						} else {
							goto L7;
						}
					}
				} else {
					_t86 = 0xc;
					L4:
					return _t86;
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 307baf608d6935e2b8be20d7300b4dd482b0ecd632bd59bdca3720e4257f83d3
  • Instruction ID: 82af4d27735cbb38410b11824a514eefc120cc24cd9b3872782cdaf04d194b31
  • Opcode Fuzzy Hash: 307baf608d6935e2b8be20d7300b4dd482b0ecd632bd59bdca3720e4257f83d3
  • Instruction Fuzzy Hash: B3318172900319AFCB24DEADCC85DAAB7B9FF84350F148559F919D7248EA30EE408B60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0087ECCC() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x8871e0 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}





APIs
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
  • Opcode ID: ed4b4320065f6673614ab89c93bac479b38894fd9fb01f1af6929e4c2cac0cad
  • Instruction ID: d7b9e845c28532f38b1f524bcce1f22d376a5cc855b91f3bdd5e560b0281d425
  • Opcode Fuzzy Hash: ed4b4320065f6673614ab89c93bac479b38894fd9fb01f1af6929e4c2cac0cad
  • Instruction Fuzzy Hash: 53A011B0200A00CB83808F38AA0820A3AA8BA00AC0320002AE008C8020EB3880088B00
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00878FB7(void* __edx, void* __esi) {
				signed int _t136;
				signed char _t137;
				signed char _t138;
				signed char _t139;
				signed char _t140;
				signed char _t142;
				signed int _t185;
				void* _t207;
				void* _t212;
				void* _t216;
				void* _t220;
				void* _t224;
				void* _t228;
				void* _t232;
				void* _t235;

				_t235 = __esi;
				_t207 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t185 = 0;
					goto L12;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi != 0) {
						L8:
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 - 1;
						L12:
						if(_t185 != 0) {
							L2:
							_t136 = _t185;
							return _t136;
						}
						_t137 =  *(_t235 - 0x1a);
						if(_t137 ==  *(_t207 - 0x1a)) {
							_t185 = 0;
							L21:
							if(_t185 != 0) {
								goto L2;
							}
							_t138 =  *(_t235 - 0x16);
							if(_t138 ==  *(_t207 - 0x16)) {
								_t185 = 0;
								L30:
								if(_t185 != 0) {
									goto L2;
								}
								_t139 =  *(_t235 - 0x12);
								if(_t139 ==  *(_t207 - 0x12)) {
									_t185 = 0;
									L39:
									if(_t185 != 0) {
										goto L2;
									}
									_t140 =  *(_t235 - 0xe);
									if(_t140 ==  *(_t207 - 0xe)) {
										_t185 = 0;
										L48:
										if(_t185 != 0) {
											goto L2;
										}
										if( *(_t235 - 0xa) ==  *(_t207 - 0xa)) {
											_t185 = 0;
											L57:
											if(_t185 != 0) {
												goto L2;
											}
											_t142 =  *(_t235 - 6);
											if(_t142 ==  *(_t207 - 6)) {
												_t185 = 0;
												L66:
												if(_t185 == 0 &&  *((intOrPtr*)(_t235 - 2)) ==  *((intOrPtr*)(_t207 - 2))) {
												}
												goto L2;
											}
											_t212 = (_t142 & 0x000000ff) - ( *(_t207 - 6) & 0x000000ff);
											if(_t212 != 0) {
												L62:
												_t185 = (0 | _t212 > 0x00000000) * 2 - 1;
												goto L66;
											}
											_t212 = ( *(_t235 - 5) & 0x000000ff) - ( *(_t207 - 5) & 0x000000ff);
											if(_t212 != 0) {
												goto L62;
											}
											_t212 = ( *(_t235 - 4) & 0x000000ff) - ( *(_t207 - 4) & 0x000000ff);
											if(_t212 == 0) {
												_t185 = ( *(_t235 - 3) & 0x000000ff) - ( *(_t207 - 3) & 0x000000ff);
												if(_t185 != 0) {
													_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											goto L62;
										}
										_t216 = ( *(_t235 - 0xa) & 0x000000ff) - ( *(_t207 - 0xa) & 0x000000ff);
										if(_t216 != 0) {
											L53:
											_t185 = (0 | _t216 > 0x00000000) * 2 - 1;
											goto L57;
										}
										_t216 = ( *(_t235 - 9) & 0x000000ff) - ( *(_t207 - 9) & 0x000000ff);
										if(_t216 != 0) {
											goto L53;
										}
										_t216 = ( *(_t235 - 8) & 0x000000ff) - ( *(_t207 - 8) & 0x000000ff);
										if(_t216 == 0) {
											_t185 = ( *(_t235 - 7) & 0x000000ff) - ( *(_t207 - 7) & 0x000000ff);
											if(_t185 != 0) {
												_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
											}
											goto L57;
										}
										goto L53;
									}
									_t220 = (_t140 & 0x000000ff) - ( *(_t207 - 0xe) & 0x000000ff);
									if(_t220 != 0) {
										L44:
										_t185 = (0 | _t220 > 0x00000000) * 2 - 1;
										goto L48;
									}
									_t220 = ( *(_t235 - 0xd) & 0x000000ff) - ( *(_t207 - 0xd) & 0x000000ff);
									if(_t220 != 0) {
										goto L44;
									}
									_t220 = ( *(_t235 - 0xc) & 0x000000ff) - ( *(_t207 - 0xc) & 0x000000ff);
									if(_t220 == 0) {
										_t185 = ( *(_t235 - 0xb) & 0x000000ff) - ( *(_t207 - 0xb) & 0x000000ff);
										if(_t185 != 0) {
											_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									goto L44;
								}
								_t224 = (_t139 & 0x000000ff) - ( *(_t207 - 0x12) & 0x000000ff);
								if(_t224 != 0) {
									L35:
									_t185 = (0 | _t224 > 0x00000000) * 2 - 1;
									goto L39;
								}
								_t224 = ( *(_t235 - 0x11) & 0x000000ff) - ( *(_t207 - 0x11) & 0x000000ff);
								if(_t224 != 0) {
									goto L35;
								}
								_t224 = ( *(_t235 - 0x10) & 0x000000ff) - ( *(_t207 - 0x10) & 0x000000ff);
								if(_t224 == 0) {
									_t185 = ( *(_t235 - 0xf) & 0x000000ff) - ( *(_t207 - 0xf) & 0x000000ff);
									if(_t185 != 0) {
										_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
									}
									goto L39;
								}
								goto L35;
							}
							_t228 = (_t138 & 0x000000ff) - ( *(_t207 - 0x16) & 0x000000ff);
							if(_t228 != 0) {
								L26:
								_t185 = (0 | _t228 > 0x00000000) * 2 - 1;
								goto L30;
							}
							_t228 = ( *(_t235 - 0x15) & 0x000000ff) - ( *(_t207 - 0x15) & 0x000000ff);
							if(_t228 != 0) {
								goto L26;
							}
							_t228 = ( *(_t235 - 0x14) & 0x000000ff) - ( *(_t207 - 0x14) & 0x000000ff);
							if(_t228 == 0) {
								_t185 = ( *(_t235 - 0x13) & 0x000000ff) - ( *(_t207 - 0x13) & 0x000000ff);
								if(_t185 != 0) {
									_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
								}
								goto L30;
							}
							goto L26;
						}
						_t232 = (_t137 & 0x000000ff) - ( *(_t207 - 0x1a) & 0x000000ff);
						if(_t232 != 0) {
							L17:
							_t185 = (0 | _t232 > 0x00000000) * 2 - 1;
							goto L21;
						}
						_t232 = ( *(_t235 - 0x19) & 0x000000ff) - ( *(_t207 - 0x19) & 0x000000ff);
						if(_t232 != 0) {
							goto L17;
						}
						_t232 = ( *(_t235 - 0x18) & 0x000000ff) - ( *(_t207 - 0x18) & 0x000000ff);
						if(_t232 == 0) {
							_t185 = ( *(_t235 - 0x17) & 0x000000ff) - ( *(_t207 - 0x17) & 0x000000ff);
							if(_t185 != 0) {
								_t185 = (0 | _t185 > 0x00000000) * 2 - 1;
							}
							goto L21;
						}
						goto L17;
					}
					__edi =  *(__esi - 0x1d) & 0x000000ff;
					__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi != 0) {
						goto L8;
					}
					__edi =  *(__esi - 0x1c) & 0x000000ff;
					__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
					if(__edi == 0) {
						__ecx =  *(__esi - 0x1b) & 0x000000ff;
						__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
						if(__ecx != 0) {
							__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
						}
						goto L12;
					}
					goto L8;
				}
			}


















Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
  • Instruction ID: 965bc984e9f51d3a4e0afe994057703ce3c6d97dbc37f15270c72049257b8598
  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
  • Instruction Fuzzy Hash: DC91A7321090E34ADB6A423E853803EFFF1FA523A171A479DD4FACA1D9EE24C564D630
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00879272(void* __edx, void* __esi) {
				signed int _t137;
				signed char _t138;
				signed char _t139;
				signed char _t140;
				signed char _t142;
				signed char _t143;
				signed int _t186;
				void* _t208;
				void* _t211;
				void* _t214;
				void* _t218;
				void* _t222;
				void* _t226;
				void* _t230;
				void* _t234;
				void* _t237;

				_t237 = __esi;
				_t208 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t186 = 0;
					goto L11;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi != 0) {
						L7:
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 - 1;
						L11:
						if(_t186 != 0) {
							goto L1;
						}
						_t138 =  *(_t237 - 0x1b);
						if(_t138 ==  *(_t208 - 0x1b)) {
							_t186 = 0;
							L20:
							if(_t186 != 0) {
								goto L1;
							}
							_t139 =  *(_t237 - 0x17);
							if(_t139 ==  *(_t208 - 0x17)) {
								_t186 = 0;
								L29:
								if(_t186 != 0) {
									goto L1;
								}
								_t140 =  *(_t237 - 0x13);
								if(_t140 ==  *(_t208 - 0x13)) {
									_t186 = 0;
									L38:
									if(_t186 != 0) {
										goto L1;
									}
									if( *(_t237 - 0xf) ==  *(_t208 - 0xf)) {
										_t186 = 0;
										L47:
										if(_t186 != 0) {
											goto L1;
										}
										_t142 =  *(_t237 - 0xb);
										if(_t142 ==  *(_t208 - 0xb)) {
											_t186 = 0;
											L56:
											if(_t186 != 0) {
												goto L1;
											}
											_t143 =  *(_t237 - 7);
											if(_t143 ==  *(_t208 - 7)) {
												_t186 = 0;
												L65:
												if(_t186 != 0) {
													goto L1;
												}
												_t211 = ( *(_t237 - 3) & 0x000000ff) - ( *(_t208 - 3) & 0x000000ff);
												if(_t211 != 0) {
													L68:
													_t186 = (0 | _t211 > 0x00000000) * 2 - 1;
													goto L1;
												}
												_t211 = ( *(_t237 - 2) & 0x000000ff) - ( *(_t208 - 2) & 0x000000ff);
												if(_t211 == 0) {
													_t186 = ( *(_t237 - 1) & 0x000000ff) - ( *(_t208 - 1) & 0x000000ff);
													if(_t186 != 0) {
														_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												goto L68;
											}
											_t214 = (_t143 & 0x000000ff) - ( *(_t208 - 7) & 0x000000ff);
											if(_t214 != 0) {
												L61:
												_t186 = (0 | _t214 > 0x00000000) * 2 - 1;
												goto L65;
											}
											_t214 = ( *(_t237 - 6) & 0x000000ff) - ( *(_t208 - 6) & 0x000000ff);
											if(_t214 != 0) {
												goto L61;
											}
											_t214 = ( *(_t237 - 5) & 0x000000ff) - ( *(_t208 - 5) & 0x000000ff);
											if(_t214 == 0) {
												_t186 = ( *(_t237 - 4) & 0x000000ff) - ( *(_t208 - 4) & 0x000000ff);
												if(_t186 != 0) {
													_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											goto L61;
										}
										_t218 = (_t142 & 0x000000ff) - ( *(_t208 - 0xb) & 0x000000ff);
										if(_t218 != 0) {
											L52:
											_t186 = (0 | _t218 > 0x00000000) * 2 - 1;
											goto L56;
										}
										_t218 = ( *(_t237 - 0xa) & 0x000000ff) - ( *(_t208 - 0xa) & 0x000000ff);
										if(_t218 != 0) {
											goto L52;
										}
										_t218 = ( *(_t237 - 9) & 0x000000ff) - ( *(_t208 - 9) & 0x000000ff);
										if(_t218 == 0) {
											_t186 = ( *(_t237 - 8) & 0x000000ff) - ( *(_t208 - 8) & 0x000000ff);
											if(_t186 != 0) {
												_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
											}
											goto L56;
										}
										goto L52;
									}
									_t222 = ( *(_t237 - 0xf) & 0x000000ff) - ( *(_t208 - 0xf) & 0x000000ff);
									if(_t222 != 0) {
										L43:
										_t186 = (0 | _t222 > 0x00000000) * 2 - 1;
										goto L47;
									}
									_t222 = ( *(_t237 - 0xe) & 0x000000ff) - ( *(_t208 - 0xe) & 0x000000ff);
									if(_t222 != 0) {
										goto L43;
									}
									_t222 = ( *(_t237 - 0xd) & 0x000000ff) - ( *(_t208 - 0xd) & 0x000000ff);
									if(_t222 == 0) {
										_t186 = ( *(_t237 - 0xc) & 0x000000ff) - ( *(_t208 - 0xc) & 0x000000ff);
										if(_t186 != 0) {
											_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									goto L43;
								}
								_t226 = (_t140 & 0x000000ff) - ( *(_t208 - 0x13) & 0x000000ff);
								if(_t226 != 0) {
									L34:
									_t186 = (0 | _t226 > 0x00000000) * 2 - 1;
									goto L38;
								}
								_t226 = ( *(_t237 - 0x12) & 0x000000ff) - ( *(_t208 - 0x12) & 0x000000ff);
								if(_t226 != 0) {
									goto L34;
								}
								_t226 = ( *(_t237 - 0x11) & 0x000000ff) - ( *(_t208 - 0x11) & 0x000000ff);
								if(_t226 == 0) {
									_t186 = ( *(_t237 - 0x10) & 0x000000ff) - ( *(_t208 - 0x10) & 0x000000ff);
									if(_t186 != 0) {
										_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
									}
									goto L38;
								}
								goto L34;
							}
							_t230 = (_t139 & 0x000000ff) - ( *(_t208 - 0x17) & 0x000000ff);
							if(_t230 != 0) {
								L25:
								_t186 = (0 | _t230 > 0x00000000) * 2 - 1;
								goto L29;
							}
							_t230 = ( *(_t237 - 0x16) & 0x000000ff) - ( *(_t208 - 0x16) & 0x000000ff);
							if(_t230 != 0) {
								goto L25;
							}
							_t230 = ( *(_t237 - 0x15) & 0x000000ff) - ( *(_t208 - 0x15) & 0x000000ff);
							if(_t230 == 0) {
								_t186 = ( *(_t237 - 0x14) & 0x000000ff) - ( *(_t208 - 0x14) & 0x000000ff);
								if(_t186 != 0) {
									_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
								}
								goto L29;
							}
							goto L25;
						}
						_t234 = (_t138 & 0x000000ff) - ( *(_t208 - 0x1b) & 0x000000ff);
						if(_t234 != 0) {
							L16:
							_t186 = (0 | _t234 > 0x00000000) * 2 - 1;
							goto L20;
						}
						_t234 = ( *(_t237 - 0x1a) & 0x000000ff) - ( *(_t208 - 0x1a) & 0x000000ff);
						if(_t234 != 0) {
							goto L16;
						}
						_t234 = ( *(_t237 - 0x19) & 0x000000ff) - ( *(_t208 - 0x19) & 0x000000ff);
						if(_t234 == 0) {
							_t186 = ( *(_t237 - 0x18) & 0x000000ff) - ( *(_t208 - 0x18) & 0x000000ff);
							if(_t186 != 0) {
								_t186 = (0 | _t186 > 0x00000000) * 2 - 1;
							}
							goto L20;
						}
						goto L16;
					}
					__edi =  *(__esi - 0x1e) & 0x000000ff;
					__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi != 0) {
						goto L7;
					}
					__edi =  *(__esi - 0x1d) & 0x000000ff;
					__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						__ecx =  *(__esi - 0x1c) & 0x000000ff;
						__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__ecx != 0) {
							__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
						}
						goto L11;
					}
					goto L7;
				}
				L1:
				_t137 = _t186;
				return _t137;
			}



















Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
  • Instruction ID: 5f483ebdc81cb33d80d08201a2a862bb24dd82f5c7fe6293264bb61374bdd18e
  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
  • Instruction Fuzzy Hash: D49195721090E34ADB6A423E857803DFFE1FA923A131A579DD4FACB1D9EE24C554E620
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00878CF0(void* __edx, void* __esi) {
				signed int _t128;
				signed char _t129;
				signed char _t130;
				signed char _t131;
				signed char _t132;
				signed char _t134;
				signed int _t175;
				void* _t195;
				void* _t198;
				void* _t202;
				void* _t206;
				void* _t210;
				void* _t214;
				void* _t218;
				void* _t221;

				_t221 = __esi;
				_t195 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t175 = 0;
					L9:
					if(_t175 != 0) {
						goto L1;
					}
					_t129 =  *(_t221 - 0x19);
					if(_t129 ==  *(_t195 - 0x19)) {
						_t175 = 0;
						L18:
						if(_t175 != 0) {
							goto L1;
						}
						_t130 =  *(_t221 - 0x15);
						if(_t130 ==  *(_t195 - 0x15)) {
							_t175 = 0;
							L27:
							if(_t175 != 0) {
								goto L1;
							}
							_t131 =  *(_t221 - 0x11);
							if(_t131 ==  *(_t195 - 0x11)) {
								_t175 = 0;
								L36:
								if(_t175 != 0) {
									goto L1;
								}
								_t132 =  *(_t221 - 0xd);
								if(_t132 ==  *(_t195 - 0xd)) {
									_t175 = 0;
									L45:
									if(_t175 != 0) {
										goto L1;
									}
									if( *(_t221 - 9) ==  *(_t195 - 9)) {
										_t175 = 0;
										L54:
										if(_t175 != 0) {
											goto L1;
										}
										_t134 =  *(_t221 - 5);
										if(_t134 ==  *(_t195 - 5)) {
											_t175 = 0;
											L63:
											if(_t175 == 0) {
												_t175 = ( *(_t221 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
												if(_t175 != 0) {
													_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t198 = (_t134 & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
										if(_t198 != 0) {
											L59:
											_t175 = (0 | _t198 > 0x00000000) * 2 - 1;
											goto L63;
										}
										_t198 = ( *(_t221 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
										if(_t198 != 0) {
											goto L59;
										}
										_t198 = ( *(_t221 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
										if(_t198 == 0) {
											_t175 = ( *(_t221 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
											if(_t175 != 0) {
												_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
											}
											goto L63;
										}
										goto L59;
									}
									_t202 = ( *(_t221 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
									if(_t202 != 0) {
										L50:
										_t175 = (0 | _t202 > 0x00000000) * 2 - 1;
										goto L54;
									}
									_t202 = ( *(_t221 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
									if(_t202 != 0) {
										goto L50;
									}
									_t202 = ( *(_t221 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
									if(_t202 == 0) {
										_t175 = ( *(_t221 - 6) & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
										if(_t175 != 0) {
											_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
										}
										goto L54;
									}
									goto L50;
								}
								_t206 = (_t132 & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
								if(_t206 != 0) {
									L41:
									_t175 = (0 | _t206 > 0x00000000) * 2 - 1;
									goto L45;
								}
								_t206 = ( *(_t221 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
								if(_t206 != 0) {
									goto L41;
								}
								_t206 = ( *(_t221 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
								if(_t206 == 0) {
									_t175 = ( *(_t221 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
									if(_t175 != 0) {
										_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
									}
									goto L45;
								}
								goto L41;
							}
							_t210 = (_t131 & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
							if(_t210 != 0) {
								L32:
								_t175 = (0 | _t210 > 0x00000000) * 2 - 1;
								goto L36;
							}
							_t210 = ( *(_t221 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
							if(_t210 != 0) {
								goto L32;
							}
							_t210 = ( *(_t221 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
							if(_t210 == 0) {
								_t175 = ( *(_t221 - 0xe) & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
								if(_t175 != 0) {
									_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
								}
								goto L36;
							}
							goto L32;
						}
						_t214 = (_t130 & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
						if(_t214 != 0) {
							L23:
							_t175 = (0 | _t214 > 0x00000000) * 2 - 1;
							goto L27;
						}
						_t214 = ( *(_t221 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
						if(_t214 != 0) {
							goto L23;
						}
						_t214 = ( *(_t221 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
						if(_t214 == 0) {
							_t175 = ( *(_t221 - 0x12) & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
							if(_t175 != 0) {
								_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
							}
							goto L27;
						}
						goto L23;
					}
					_t218 = (_t129 & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
					if(_t218 != 0) {
						L14:
						_t175 = (0 | _t218 > 0x00000000) * 2 - 1;
						goto L18;
					}
					_t218 = ( *(_t221 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
					if(_t218 != 0) {
						goto L14;
					}
					_t218 = ( *(_t221 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
					if(_t218 == 0) {
						_t175 = ( *(_t221 - 0x16) & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
						if(_t175 != 0) {
							_t175 = (0 | _t175 > 0x00000000) * 2 - 1;
						}
						goto L18;
					}
					goto L14;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi != 0) {
						L5:
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 - 1;
						goto L9;
					}
					__edi =  *(__esi - 0x1c) & 0x000000ff;
					__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
					if(__edi != 0) {
						goto L5;
					}
					__edi =  *(__esi - 0x1b) & 0x000000ff;
					__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
					if(__edi == 0) {
						__ecx =  *(__esi - 0x1a) & 0x000000ff;
						__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
						if(__ecx != 0) {
							__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
						}
						goto L9;
					}
					goto L5;
				}
				L1:
				_t128 = _t175;
				return _t128;
			}


















Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
  • Instruction ID: f1edc3441837b54992bd508835d554f39d00e52a34a792dd35122c0f3f0a06d0
  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
  • Instruction Fuzzy Hash: C49166332490A38EDB69463A857C43DFFE1EB923A131A479DD4FACB0C9EE24C554D620
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00878A46(void* __edx, void* __esi) {
				signed char _t121;
				void* _t122;
				signed char _t123;
				signed char _t124;
				signed char _t125;
				signed char _t127;
				signed char _t128;
				void* _t172;
				void* _t194;
				void* _t197;
				void* _t201;
				void* _t205;
				void* _t209;
				void* _t213;
				void* _t217;
				void* _t221;
				void* _t224;

				_t224 = __esi;
				_t194 = __edx;
				_t121 =  *(__esi - 0x1c);
				if(_t121 ==  *(__edx - 0x1c)) {
					_t172 = 0;
					L8:
					if(_t172 != 0) {
						L64:
						_t122 = _t172;
						return _t122;
					}
					_t123 =  *(_t224 - 0x18);
					if(_t123 ==  *(_t194 - 0x18)) {
						_t172 = 0;
						L17:
						if(_t172 != 0) {
							goto L64;
						}
						_t124 =  *(_t224 - 0x14);
						if(_t124 ==  *(_t194 - 0x14)) {
							_t172 = 0;
							L26:
							if(_t172 != 0) {
								goto L64;
							}
							_t125 =  *(_t224 - 0x10);
							if(_t125 ==  *(_t194 - 0x10)) {
								_t172 = 0;
								L35:
								if(_t172 != 0) {
									goto L64;
								}
								if( *(_t224 - 0xc) ==  *(_t194 - 0xc)) {
									_t172 = 0;
									L44:
									if(_t172 != 0) {
										goto L64;
									}
									_t127 =  *(_t224 - 8);
									if(_t127 ==  *(_t194 - 8)) {
										_t172 = 0;
										L53:
										if(_t172 != 0) {
											goto L64;
										}
										_t128 =  *(_t224 - 4);
										if(_t128 ==  *(_t194 - 4)) {
											_t172 = 0;
											L62:
											if(_t172 == 0) {
												_t172 = 0;
											}
											goto L64;
										}
										_t197 = (_t128 & 0x000000ff) - ( *(_t194 - 4) & 0x000000ff);
										if(_t197 != 0) {
											L58:
											_t172 = (0 | _t197 > 0x00000000) * 2 - 1;
											goto L62;
										}
										_t197 = ( *(_t224 - 3) & 0x000000ff) - ( *(_t194 - 3) & 0x000000ff);
										if(_t197 != 0) {
											goto L58;
										}
										_t197 = ( *(_t224 - 2) & 0x000000ff) - ( *(_t194 - 2) & 0x000000ff);
										if(_t197 == 0) {
											_t172 = ( *(_t224 - 1) & 0x000000ff) - ( *(_t194 - 1) & 0x000000ff);
											if(_t172 != 0) {
												_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
											}
											goto L62;
										}
										goto L58;
									}
									_t201 = (_t127 & 0x000000ff) - ( *(_t194 - 8) & 0x000000ff);
									if(_t201 != 0) {
										L49:
										_t172 = (0 | _t201 > 0x00000000) * 2 - 1;
										goto L53;
									}
									_t201 = ( *(_t224 - 7) & 0x000000ff) - ( *(_t194 - 7) & 0x000000ff);
									if(_t201 != 0) {
										goto L49;
									}
									_t201 = ( *(_t224 - 6) & 0x000000ff) - ( *(_t194 - 6) & 0x000000ff);
									if(_t201 == 0) {
										_t172 = ( *(_t224 - 5) & 0x000000ff) - ( *(_t194 - 5) & 0x000000ff);
										if(_t172 != 0) {
											_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
										}
										goto L53;
									}
									goto L49;
								}
								_t205 = ( *(_t224 - 0xc) & 0x000000ff) - ( *(_t194 - 0xc) & 0x000000ff);
								if(_t205 != 0) {
									L40:
									_t172 = (0 | _t205 > 0x00000000) * 2 - 1;
									goto L44;
								}
								_t205 = ( *(_t224 - 0xb) & 0x000000ff) - ( *(_t194 - 0xb) & 0x000000ff);
								if(_t205 != 0) {
									goto L40;
								}
								_t205 = ( *(_t224 - 0xa) & 0x000000ff) - ( *(_t194 - 0xa) & 0x000000ff);
								if(_t205 == 0) {
									_t172 = ( *(_t224 - 9) & 0x000000ff) - ( *(_t194 - 9) & 0x000000ff);
									if(_t172 != 0) {
										_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
									}
									goto L44;
								}
								goto L40;
							}
							_t209 = (_t125 & 0x000000ff) - ( *(_t194 - 0x10) & 0x000000ff);
							if(_t209 != 0) {
								L31:
								_t172 = (0 | _t209 > 0x00000000) * 2 - 1;
								goto L35;
							}
							_t209 = ( *(_t224 - 0xf) & 0x000000ff) - ( *(_t194 - 0xf) & 0x000000ff);
							if(_t209 != 0) {
								goto L31;
							}
							_t209 = ( *(_t224 - 0xe) & 0x000000ff) - ( *(_t194 - 0xe) & 0x000000ff);
							if(_t209 == 0) {
								_t172 = ( *(_t224 - 0xd) & 0x000000ff) - ( *(_t194 - 0xd) & 0x000000ff);
								if(_t172 != 0) {
									_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
								}
								goto L35;
							}
							goto L31;
						}
						_t213 = (_t124 & 0x000000ff) - ( *(_t194 - 0x14) & 0x000000ff);
						if(_t213 != 0) {
							L22:
							_t172 = (0 | _t213 > 0x00000000) * 2 - 1;
							goto L26;
						}
						_t213 = ( *(_t224 - 0x13) & 0x000000ff) - ( *(_t194 - 0x13) & 0x000000ff);
						if(_t213 != 0) {
							goto L22;
						}
						_t213 = ( *(_t224 - 0x12) & 0x000000ff) - ( *(_t194 - 0x12) & 0x000000ff);
						if(_t213 == 0) {
							_t172 = ( *(_t224 - 0x11) & 0x000000ff) - ( *(_t194 - 0x11) & 0x000000ff);
							if(_t172 != 0) {
								_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
							}
							goto L26;
						}
						goto L22;
					}
					_t217 = (_t123 & 0x000000ff) - ( *(_t194 - 0x18) & 0x000000ff);
					if(_t217 != 0) {
						L13:
						_t172 = (0 | _t217 > 0x00000000) * 2 - 1;
						goto L17;
					}
					_t217 = ( *(_t224 - 0x17) & 0x000000ff) - ( *(_t194 - 0x17) & 0x000000ff);
					if(_t217 != 0) {
						goto L13;
					}
					_t217 = ( *(_t224 - 0x16) & 0x000000ff) - ( *(_t194 - 0x16) & 0x000000ff);
					if(_t217 == 0) {
						_t172 = ( *(_t224 - 0x15) & 0x000000ff) - ( *(_t194 - 0x15) & 0x000000ff);
						if(_t172 != 0) {
							_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
						}
						goto L17;
					}
					goto L13;
				}
				_t221 = (_t121 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t221 != 0) {
					L4:
					_t172 = (0 | _t221 > 0x00000000) * 2 - 1;
					goto L8;
				}
				_t221 = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
				if(_t221 != 0) {
					goto L4;
				}
				_t221 = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
				if(_t221 == 0) {
					_t172 = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
					if(_t172 != 0) {
						_t172 = (0 | _t172 > 0x00000000) * 2 - 1;
					}
					goto L8;
				}
				goto L4;
			}

Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
  • Instruction ID: 5207905be432a0bff64f4fdb6282876a97d852de5f680abe5a8738f58e088eff
  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
  • Instruction Fuzzy Hash: 9A8188722490A38EDB6A4239857C03EFFE1FB923A131A479ED4F6CA1C9ED14C554D620
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0087D8C7(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E0087EA6A(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 236528562bf122b825a9f80c86b8f56cfa6e42bf9ab44a1e58f9571c507f4792
  • Instruction ID: 7661134090334f19ea67e45254f66e104a0037fabc94dabb527be6a7b0710a49
  • Opcode Fuzzy Hash: 236528562bf122b825a9f80c86b8f56cfa6e42bf9ab44a1e58f9571c507f4792
  • Instruction Fuzzy Hash: 85E0B672921328EBCB15DB9CC94499AF7BCFB4AB50B1584A6B515E3115C270DE00C7D1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0087C11B(void* __ecx, void* __eflags) {

				if(E0087D8C7(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c784f281bcc630d8a3ba4624b114e7e20f35c14915246c90fef3a331a4f8acb7
  • Instruction ID: 44f9fe7e1e4a9fbd848905c303c9f538c9ea816deaaede92a48487d439652203
  • Opcode Fuzzy Hash: c784f281bcc630d8a3ba4624b114e7e20f35c14915246c90fef3a331a4f8acb7
  • Instruction Fuzzy Hash: 6CC08C34000A0086CE2A89248A713A43374F79178AFC088ECC40F8B687C62EDC83D722
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 68%
			E0087A75C(signed int __ecx, signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t200;
				void* _t201;
				signed int _t202;
				char _t203;
				signed int _t205;
				signed int _t207;
				signed char* _t208;
				signed int _t209;
				signed int _t210;
				signed int _t214;
				void* _t217;
				signed char* _t220;
				void* _t223;
				signed int _t228;
				void* _t230;
				signed int _t231;
				void* _t234;
				signed char _t237;
				intOrPtr* _t242;
				void* _t245;
				signed int* _t247;
				signed int _t248;
				intOrPtr _t249;
				signed int _t250;
				void* _t255;
				void* _t260;
				void* _t261;
				signed char* _t268;
				intOrPtr* _t269;
				signed char _t270;
				signed int _t271;
				signed int _t272;
				intOrPtr* _t274;
				signed int _t275;
				signed int _t276;
				signed char _t281;
				signed int _t285;
				signed int _t286;
				intOrPtr _t289;
				signed int _t296;
				signed char* _t297;
				signed int _t298;
				signed int _t299;
				signed int* _t301;
				signed char* _t304;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t326;
				void* _t328;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;

				_t296 = __edx;
				_t273 = __ecx;
				_push(_t315);
				_t301 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t200 = E0087B309(_a8, _a16, _t301);
				_t331 = _t330 + 0xc;
				_v16 = _t200;
				if(_t200 < 0xffffffff || _t200 >= _t301[1]) {
					L67:
					_t201 = E0087CEBD(_t354);
					asm("int3");
					_t328 = _t331;
					_t332 = _t331 - 0x38;
					_push(_t268);
					_t269 = _v116;
					if( *_t269 == 0x80000003) {
						return _t201;
					} else {
						_push(_t315);
						_push(_t301);
						_t202 = E00879A26(_t269, _t273, _t296, _t301, _t315);
						if( *((intOrPtr*)(_t202 + 8)) != 0) {
							__imp__EncodePointer(0);
							_t315 = _t202;
							if( *((intOrPtr*)(E00879A26(_t269, _t273, _t296, 0, _t315) + 8)) != _t315 &&  *_t269 != 0xe0434f4d &&  *_t269 != 0xe0434352) {
								_t214 = E0087A22C(_t269, _a4, _a8, _a12, _a16, _a24, _a28);
								_t332 = _t332 + 0x1c;
								if(_t214 != 0) {
									L84:
									return _t214;
								}
							}
						}
						_t203 = _a16;
						_v28 = _t203;
						_v24 = 0;
						if( *((intOrPtr*)(_t203 + 0xc)) > 0) {
							_push(_a24);
							E0087A15E(_t269, _t273, 0, _t315,  &_v44,  &_v28, _a20, _a12, _t203);
							_t298 = _v40;
							_t333 = _t332 + 0x18;
							_t214 = _v44;
							_v20 = _t214;
							_v12 = _t298;
							if(_t298 >= _v32) {
								goto L84;
							}
							_t275 = _t298 * 0x14;
							_v16 = _t275;
							do {
								_t276 = 5;
								_t217 = memcpy( &_v64,  *((intOrPtr*)( *_t214 + 0x10)) + _t275, _t276 << 2);
								_t333 = _t333 + 0xc;
								if(_v64 <= _t217 && _t217 <= _v60) {
									_t220 = _v48 + 0xfffffff0 + (_v52 << 4);
									_t281 = _t220[4];
									if(_t281 == 0 ||  *((char*)(_t281 + 8)) == 0) {
										if(( *_t220 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E0087A6DC(_t269, _a4, _a8, _a12, _a16, _t220, 0,  &_v64, _a24, _a28);
											_t298 = _v12;
											_t333 = _t333 + 0x30;
										}
									}
								}
								_t298 = _t298 + 1;
								_t214 = _v20;
								_t275 = _v16 + 0x14;
								_v12 = _t298;
								_v16 = _t275;
							} while (_t298 < _v32);
							goto L84;
						}
						E0087CEBD(__eflags);
						asm("int3");
						_push(_t328);
						_t297 = _v188;
						_push(_t269);
						_push(_t315);
						_push(0);
						_t205 = _t297[4];
						__eflags = _t205;
						if(_t205 == 0) {
							L109:
							_t207 = 1;
							__eflags = 1;
						} else {
							_t274 = _t205 + 8;
							__eflags =  *_t274;
							if( *_t274 == 0) {
								goto L109;
							} else {
								__eflags =  *_t297 & 0x00000080;
								_t304 = _v0;
								if(( *_t297 & 0x00000080) == 0) {
									L91:
									_t270 = _t304[4];
									_t317 = 0;
									__eflags = _t205 - _t270;
									if(_t205 == _t270) {
										L101:
										__eflags =  *_t304 & 0x00000002;
										if(( *_t304 & 0x00000002) == 0) {
											L103:
											_t208 = _a4;
											__eflags =  *_t208 & 0x00000001;
											if(( *_t208 & 0x00000001) == 0) {
												L105:
												__eflags =  *_t208 & 0x00000002;
												if(( *_t208 & 0x00000002) == 0) {
													L107:
													_t317 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t297 & 0x00000002;
													if(( *_t297 & 0x00000002) != 0) {
														goto L107;
													}
												}
											} else {
												__eflags =  *_t297 & 0x00000001;
												if(( *_t297 & 0x00000001) != 0) {
													goto L105;
												}
											}
										} else {
											__eflags =  *_t297 & 0x00000008;
											if(( *_t297 & 0x00000008) != 0) {
												goto L103;
											}
										}
										_t207 = _t317;
									} else {
										_t184 = _t270 + 8; // 0x6e
										_t209 = _t184;
										while(1) {
											_t271 =  *_t274;
											__eflags = _t271 -  *_t209;
											if(_t271 !=  *_t209) {
												break;
											}
											__eflags = _t271;
											if(_t271 == 0) {
												L97:
												_t210 = _t317;
											} else {
												_t272 =  *((intOrPtr*)(_t274 + 1));
												__eflags = _t272 -  *((intOrPtr*)(_t209 + 1));
												if(_t272 !=  *((intOrPtr*)(_t209 + 1))) {
													break;
												} else {
													_t274 = _t274 + 2;
													_t209 = _t209 + 2;
													__eflags = _t272;
													if(_t272 != 0) {
														continue;
													} else {
														goto L97;
													}
												}
											}
											L99:
											__eflags = _t210;
											if(_t210 == 0) {
												goto L101;
											} else {
												_t207 = 0;
											}
											goto L110;
										}
										asm("sbb eax, eax");
										_t210 = _t209 | 0x00000001;
										__eflags = _t210;
										goto L99;
									}
								} else {
									__eflags =  *_t304 & 0x00000010;
									if(( *_t304 & 0x00000010) != 0) {
										goto L109;
									} else {
										goto L91;
									}
								}
							}
						}
						L110:
						return _t207;
					}
				} else {
					_t268 = _a4;
					if( *_t268 != 0xe06d7363 || _t268[0x10] != 3 || _t268[0x14] != 0x19930520 && _t268[0x14] != 0x19930521 && _t268[0x14] != 0x19930522) {
						_t315 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t315 = 0;
						if(_t268[0x1c] != 0) {
							L24:
							_t273 = _a12;
							_v12 = _t273;
							goto L26;
						} else {
							_t223 = E00879A26(_t268, _t273, _t296, _t301, 0);
							if( *((intOrPtr*)(_t223 + 0x10)) == 0) {
								L62:
								return _t223;
							} else {
								_t268 =  *(E00879A26(_t268, _t273, _t296, _t301, 0) + 0x10);
								_t255 = E00879A26(_t268, _t273, _t296, _t301, 0);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t255 + 0x14));
								if(_t268 == 0 ||  *_t268 == 0xe06d7363 && _t268[0x10] == 3 && (_t268[0x14] == 0x19930520 || _t268[0x14] == 0x19930521 || _t268[0x14] == 0x19930522) && _t268[0x1c] == _t315) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00879A26(_t268, _t273, _t296, _t301, _t315) + 0x1c)) == _t315) {
										L25:
										_t273 = _v12;
										_t200 = _v16;
										L26:
										_v56 = _t301;
										_v52 = _t315;
										__eflags =  *_t268 - 0xe06d7363;
										if( *_t268 != 0xe06d7363) {
											L58:
											__eflags = _t301[3] - _t315;
											if(_t301[3] <= _t315) {
												goto L61;
											} else {
												__eflags = _a24;
												if(__eflags != 0) {
													goto L67;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t200);
													_push(_t301);
													_push(_a16);
													_push(_t273);
													_push(_a8);
													_push(_t268);
													L68();
													_t331 = _t331 + 0x20;
													goto L61;
												}
											}
										} else {
											__eflags = _t268[0x10] - 3;
											if(_t268[0x10] != 3) {
												goto L58;
											} else {
												__eflags = _t268[0x14] - 0x19930520;
												if(_t268[0x14] == 0x19930520) {
													L31:
													__eflags = _t301[3] - _t315;
													if(_t301[3] > _t315) {
														_push(_a28);
														E0087A15E(_t268, _t273, _t301, _t315,  &_v72,  &_v56, _t200, _a16, _t301);
														_t296 = _v68;
														_t331 = _t331 + 0x18;
														_t242 = _v72;
														_v48 = _t242;
														_v20 = _t296;
														__eflags = _t296 - _v60;
														if(_t296 < _v60) {
															_t285 = _t296 * 0x14;
															__eflags = _t285;
															_v36 = _t285;
															do {
																_t286 = 5;
																_t245 = memcpy( &_v108,  *((intOrPtr*)( *_t242 + 0x10)) + _t285, _t286 << 2);
																_t331 = _t331 + 0xc;
																__eflags = _v108 - _t245;
																if(_v108 <= _t245) {
																	__eflags = _t245 - _v104;
																	if(_t245 <= _v104) {
																		_t289 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t247 =  *(_t268[0x1c] + 0xc);
																			_t299 =  *_t247;
																			_t248 =  &(_t247[1]);
																			__eflags = _t248;
																			_v40 = _t248;
																			_t249 = _v92;
																			_v44 = _t299;
																			_v28 = _t249;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t314 = _v40;
																				_t326 = _t299;
																				__eflags = _t326;
																				if(_t326 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t268[0x1c]);
																						_t250 =  &_v88;
																						_push( *_t314);
																						_push(_t250);
																						L87();
																						_t331 = _t331 + 0xc;
																						__eflags = _t250;
																						if(_t250 != 0) {
																							break;
																						}
																						_t326 = _t326 - 1;
																						_t314 = _t314 + 4;
																						__eflags = _t326;
																						if(_t326 > 0) {
																							continue;
																						} else {
																							_t289 = _v24;
																							_t249 = _v28;
																							_t299 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E0087A6DC(_t268, _a8, _v12, _a16, _a20,  &_v88,  *_t314,  &_v108, _a28, _a32);
																					_t331 = _t331 + 0x30;
																				}
																				L45:
																				_t296 = _v20;
																				goto L46;
																				L42:
																				_t289 = _t289 + 1;
																				_t249 = _t249 + 0x10;
																				_v24 = _t289;
																				_v28 = _t249;
																				__eflags = _t289 - _v96;
																			} while (_t289 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t296 = _t296 + 1;
																_t242 = _v48;
																_t285 = _v36 + 0x14;
																_v20 = _t296;
																_v36 = _t285;
																__eflags = _t296 - _v60;
															} while (_t296 < _v60);
															_t301 = _a20;
															_t315 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E0087B334(__eflags);
														_t273 = _t268;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L61:
														_t223 = E00879A26(_t268, _t273, _t296, _t301, _t315);
														__eflags =  *((intOrPtr*)(_t223 + 0x1c)) - _t315;
														if(__eflags != 0) {
															goto L67;
														} else {
															goto L62;
														}
													} else {
														__eflags = ( *_t301 & 0x1fffffff) - 0x19930521;
														if(( *_t301 & 0x1fffffff) < 0x19930521) {
															goto L61;
														} else {
															__eflags = _t301[7];
															if(_t301[7] != 0) {
																L55:
																__eflags = _t301[8] >> 0x00000002 & 0x00000001;
																if(__eflags != 0) {
																	goto L67;
																} else {
																	_push(_t301[7]);
																	_t228 = E0087B1C5(_t268, _t301, _t315, _t268);
																	_pop(_t273);
																	__eflags = _t228;
																	if(_t228 == 0) {
																		goto L64;
																	} else {
																		goto L61;
																	}
																}
															} else {
																_t237 = _t301[8] >> 2;
																__eflags = _t237 & 0x00000001;
																if((_t237 & 0x00000001) == 0) {
																	goto L61;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L61;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t268[0x14] - 0x19930521;
													if(_t268[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t268[0x14] - 0x19930522;
														if(_t268[0x14] != 0x19930522) {
															goto L58;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E00879A26(_t268, _t273, _t296, _t301, _t315) + 0x1c));
										_t260 = E00879A26(_t268, _t273, _t296, _t301, _t315);
										_push(_v20);
										 *(_t260 + 0x1c) = _t315;
										_t261 = E0087B1C5(_t268, _t301, _t315, _t268);
										_pop(_t273);
										if(_t261 != 0) {
											goto L25;
										} else {
											_t301 = _v20;
											_t352 =  *_t301 - _t315;
											if( *_t301 > _t315) {
												_t291 = _t315;
												_v20 = _t315;
												while(E0087AE31( *((intOrPtr*)(_t291 + _t301[1] + 4)), _t352, 0x886880) == 0) {
													_t315 = _t315 + 1;
													_t291 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t354 = _t315 -  *_t301;
													if(_t315 <  *_t301) {
														continue;
													} else {
													}
													goto L67;
												}
												_push(1);
												_push(_t268);
												E0087B334(__eflags);
												_t273 =  &_v68;
												E0087ADDC( &_v68);
												E0087B4F8( &_v68, 0x884e54);
												L64:
												 *(E00879A26(_t268, _t273, _t296, _t301, _t315) + 0x10) = _t268;
												_t230 = E00879A26(_t268, _t273, _t296, _t301, _t315);
												_t273 = _v12;
												 *(_t230 + 0x14) = _v12;
												_t231 = _a32;
												__eflags = _t231;
												if(_t231 == 0) {
													_t231 = _a8;
												}
												E0087A342(_t273, _t231, _t268);
												E0087B0C5(_a8, _a16, _t301);
												_t234 = E0087B282(_t301);
												_t331 = _t331 + 0x10;
												_push(_t234);
												E0087B041(_t268, _t273, _t296, _t301, _t315, __eflags);
											}
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}

APIs
  • IsInExceptionSpec.LIBVCRUNTIME ref: 0087A857
  • type_info::operator==.LIBVCRUNTIME ref: 0087A87E
  • ___TypeMatch.LIBVCRUNTIME ref: 0087A989
  • ___DestructExceptionObject.LIBVCRUNTIME ref: 0087AA10
  • IsInExceptionSpec.LIBVCRUNTIME ref: 0087AA53
  • ___DestructExceptionObject.LIBVCRUNTIME ref: 0087AA99
  • __CxxThrowException@8.LIBVCRUNTIME ref: 0087AAB1
  • _UnwindNestedFrames.LIBCMT ref: 0087AAD5
  • CallUnexpected.LIBVCRUNTIME ref: 0087AAF0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: Exception$DestructObjectSpec$CallException@8FramesMatchNestedThrowTypeUnexpectedUnwindtype_info::operator==
  • String ID: csm$csm$csm
  • API String ID: 1699967666-393685449
  • Opcode ID: ecd56d8f6a63b3ecf9a2618634c2a1f7563545d3a2f94872e9b7edfbdacf7a0c
  • Instruction ID: f4f33036084e1b61a3f5f58a2c43fcd3f09a2f4cff50f53ee559afd1f6ca1ecb
  • Opcode Fuzzy Hash: ecd56d8f6a63b3ecf9a2618634c2a1f7563545d3a2f94872e9b7edfbdacf7a0c
  • Instruction Fuzzy Hash: AEB15071800219DFCF29DF98C9819AEBBB5FF94310F14815AE819AB21AD731D991CF93
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 346 879870-8798c1 call 884be7 call 879830 call 879fb7 353 8798c3-8798d5 346->353 354 87991d-879920 346->354 356 879940-879949 353->356 357 8798d7-8798ee 353->357 355 879922-87992f call 879fa0 354->355 354->356 362 879934-87993d call 879830 355->362 359 879904 357->359 360 8798f0-8798fe call 879f50 357->360 361 879907-87990c 359->361 369 879914-87991b 360->369 370 879900 360->370 361->357 364 87990e-879910 361->364 362->356 364->356 367 879912 364->367 367->362 369->362 371 879902 370->371 372 87994a-879953 370->372 371->361 373 879955-87995c 372->373 374 87998d-87999d call 879f84 372->374 373->374 376 87995e-87996d call 884450 373->376 380 8799b1-8799cd call 879830 call 879f68 374->380 381 87999f-8799ae call 879fa0 374->381 382 87996f-879987 376->382 383 87998a 376->383 381->380 382->383 383->374
C-Code - Quality: 59%
			E00879870(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _t56;
				signed int _t63;
				intOrPtr _t64;
				void* _t65;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr _t70;
				signed int _t71;
				signed int _t72;
				signed int _t75;
				intOrPtr* _t79;
				intOrPtr _t80;
				intOrPtr _t82;
				signed int _t85;
				char _t87;
				intOrPtr _t91;
				intOrPtr* _t92;
				signed int _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t106;
				signed int _t108;
				void* _t111;
				void* _t112;
				void* _t119;

				_t79 = _a4;
				_v5 = 0;
				_v16 = 1;
				 *_t79 = E00884BE7(__ecx,  *_t79);
				_t80 = _a8;
				_t6 = _t80 + 0x10; // 0x11
				_t106 = _t6;
				_push(_t106);
				_v20 = _t106;
				_v12 =  *(_t80 + 8) ^  *0x886008;
				E00879830( *(_t80 + 8) ^  *0x886008);
				E00879FB7(_a12);
				_t56 = _a4;
				_t112 = _t111 + 0x10;
				_t103 =  *((intOrPtr*)(_t80 + 0xc));
				if(( *(_t56 + 4) & 0x00000066) != 0) {
					__eflags = _t103 - 0xfffffffe;
					if(_t103 != 0xfffffffe) {
						E00879FA0(_t80, 0xfffffffe, _t106, 0x886008);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t56;
					_v28 = _a12;
					 *((intOrPtr*)(_t80 - 4)) =  &_v32;
					if(_t103 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t85 = _v12;
							_t63 = _t103 + (_t103 + 2) * 2;
							_t82 =  *((intOrPtr*)(_t85 + _t63 * 4));
							_t64 = _t85 + _t63 * 4;
							_t86 =  *((intOrPtr*)(_t64 + 4));
							_v24 = _t64;
							if( *((intOrPtr*)(_t64 + 4)) == 0) {
								_t87 = _v5;
								goto L7;
							} else {
								_t65 = E00879F50(_t86, _t106);
								_t87 = 1;
								_v5 = 1;
								_t119 = _t65;
								if(_t119 < 0) {
									_v16 = 0;
									L13:
									_push(_t106);
									E00879830(_v12);
									goto L14;
								} else {
									if(_t119 > 0) {
										_t66 = _a4;
										__eflags =  *_t66 - 0xe06d7363;
										if( *_t66 == 0xe06d7363) {
											__eflags =  *0x8719fc;
											if(__eflags != 0) {
												_t75 = E00884450(__eflags, 0x8719fc);
												_t112 = _t112 + 4;
												__eflags = _t75;
												if(_t75 != 0) {
													_t108 =  *0x8719fc; // 0x87b334
													 *0x88814c(_a4, 1);
													 *_t108();
													_t106 = _v20;
													_t112 = _t112 + 8;
												}
												_t66 = _a4;
											}
										}
										E00879F84(_t66, _a8, _t66);
										_t68 = _a8;
										__eflags =  *((intOrPtr*)(_t68 + 0xc)) - _t103;
										if( *((intOrPtr*)(_t68 + 0xc)) != _t103) {
											E00879FA0(_t68, _t103, _t106, 0x886008);
											_t68 = _a8;
										}
										_push(_t106);
										 *((intOrPtr*)(_t68 + 0xc)) = _t82;
										E00879830(_v12);
										E00879F68();
										asm("int3");
										_t70 = _v40;
										_t91 = _v36;
										__eflags = _t70 - _t91;
										if(_t70 != _t91) {
											_t92 = _t91 + 5;
											_t71 = _t70 + 5;
											__eflags = _t71;
											while(1) {
												_t99 =  *_t71;
												__eflags = _t99 -  *_t92;
												if(_t99 !=  *_t92) {
													break;
												}
												__eflags = _t99;
												if(_t99 == 0) {
													goto L24;
												} else {
													_t100 =  *((intOrPtr*)(_t71 + 1));
													__eflags = _t100 -  *((intOrPtr*)(_t92 + 1));
													if(_t100 !=  *((intOrPtr*)(_t92 + 1))) {
														break;
													} else {
														_t71 = _t71 + 2;
														_t92 = _t92 + 2;
														__eflags = _t100;
														if(_t100 != 0) {
															continue;
														} else {
															goto L24;
														}
													}
												}
												goto L32;
											}
											asm("sbb eax, eax");
											_t72 = _t71 | 0x00000001;
											__eflags = _t72;
											return _t72;
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L32;
							L7:
							_t103 = _t82;
						} while (_t82 != 0xfffffffe);
						if(_t87 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L32:
			}

APIs
  • _ValidateLocalCookies.LIBCMT ref: 008798A7
  • ___except_validate_context_record.LIBVCRUNTIME ref: 008798AF
  • _ValidateLocalCookies.LIBCMT ref: 00879938
  • __IsNonwritableInCurrentImage.LIBCMT ref: 00879963
  • _ValidateLocalCookies.LIBCMT ref: 008799B8
Strings
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
  • String ID: csm
  • API String ID: 1170836740-1018135373
  • Opcode ID: 497b93c5011f9c158ff12e5f023bf500b21639dc4d793b7436e9e3cdef3f7760
  • Instruction ID: ccad1341d6a2a0bb7a7c3b9f311469f1249d2c5be2fee89d52fd4b9d9fe951aa
  • Opcode Fuzzy Hash: 497b93c5011f9c158ff12e5f023bf500b21639dc4d793b7436e9e3cdef3f7760
  • Instruction Fuzzy Hash: DB414A34A10209ABCF10DF68C884A9EBBA5FF45328F14C159E96CDB35AD631DA15CB92
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 392 87e91c-87e928 393 87e9ba-87e9bd 392->393 394 87e9c3 393->394 395 87e92d-87e93e 393->395 396 87e9c5-87e9c9 394->396 397 87e940-87e943 395->397 398 87e94b-87e964 LoadLibraryExW 395->398 399 87e9e3-87e9e5 397->399 400 87e949 397->400 401 87e966-87e96f GetLastError 398->401 402 87e9ca-87e9da 398->402 399->396 404 87e9b7 400->404 405 87e971-87e983 call 87d00c 401->405 406 87e9a8-87e9b5 401->406 402->399 403 87e9dc-87e9dd FreeLibrary 402->403 403->399 404->393 405->406 409 87e985-87e997 call 87d00c 405->409 406->404 409->406 412 87e999-87e9a6 LoadLibraryExW 409->412 412->402 412->406
C-Code - Quality: 100%
			E0087E91C(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x887108 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x872198 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x887108 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x887108 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E0087D00C(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E0087D00C(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}

APIs
  • FreeLibrary.KERNEL32(00000000,?,0087EA29,0087CADD,0000000C,00884D18,00000000,00000000,?,0087EB83,00000021,FlsSetValue,008726BC,008726C4,00884D18), ref: 0087E9DD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: FreeLibrary
  • String ID: api-ms-$ext-ms-
  • API String ID: 3664257935-537541572
  • Opcode ID: 1a86708a3ba08a74896c85c2fccc7e2bf3648fe5209fc53f4db0143156963462
  • Instruction ID: a00802a16381100dcb6b2b27ac2ab635b55dc96bdb2f88b6623641e23d83f2c8
  • Opcode Fuzzy Hash: 1a86708a3ba08a74896c85c2fccc7e2bf3648fe5209fc53f4db0143156963462
  • Instruction Fuzzy Hash: 6A210573A00210EBCB229B68DC44B5A7B68FF15764F258150EA1DE7298DB30ED00C7E0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 413 879a34-879a3b 414 879a40-879a5b GetLastError call 879d28 413->414 415 879a3d-879a3f 413->415 418 879a74-879a76 414->418 419 879a5d-879a5f 414->419 421 879aba-879ac5 SetLastError 418->421 420 879a61-879a72 call 879d63 419->420 419->421 420->418 424 879a78-879a88 call 87d001 420->424 427 879a9c-879aac call 879d63 424->427 428 879a8a-879a9a call 879d63 424->428 433 879ab2-879ab9 call 87bd2e 427->433 428->427 434 879aae-879ab0 428->434 433->421 434->433
C-Code - Quality: 83%
			E00879A34(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				long _t26;
				void* _t29;

				if( *0x886020 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E00879D28(__eflags,  *0x886020);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00879D63(__eflags,  *0x886020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E0087D001();
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00879D63(__eflags,  *0x886020, 0);
								} else {
									__eflags = E00879D63(__eflags,  *0x886020, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0087BD2E(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

APIs
  • GetLastError.KERNEL32(?,?,00879A2B,0087A2BA), ref: 00879A42
  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00879A50
  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00879A69
  • SetLastError.KERNEL32(00000000,?,00879A2B,0087A2BA), ref: 00879ABB
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: ErrorLastValue___vcrt_
  • String ID:
  • API String ID: 3852720340-0
  • Opcode ID: 2ef4ee6eebfd41bc22fbe20e8fb6c4cabc3cf00d085ea314fdc40899d470b829
  • Instruction ID: 47086f9a67a22172fd1cfb8b9c253c80ccab18e12ad4d4806e34fc42e8640fa0
  • Opcode Fuzzy Hash: 2ef4ee6eebfd41bc22fbe20e8fb6c4cabc3cf00d085ea314fdc40899d470b829
  • Instruction Fuzzy Hash: F601283250AB315ED731277C6C866666EA4FF167747304229F469D11F9FF51CC105244
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 25%
			E0087C13D(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x886008; // 0xb2d62b2
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x884c97, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x88814c(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}

APIs
  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,0B2D62B2,00884D18,?,00000000,00884C97,000000FF,?,0087C110,FFFFFFD8,?,0087C0E4,00884D18), ref: 0087C172
  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0087C184
  • FreeLibrary.KERNEL32(00000000,?,00000000,00884C97,000000FF,?,0087C110,FFFFFFD8,?,0087C0E4,00884D18), ref: 0087C1A6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: e93d9dcf79c0d7ed700c0a03bac71eddc2a9c4c594ddfcd0d735e140512017e8
  • Instruction ID: c99284dfd0ab97f8b5ff86fae96c70fd3c9b7fff271ea0ede70b1975d7048e2d
  • Opcode Fuzzy Hash: e93d9dcf79c0d7ed700c0a03bac71eddc2a9c4c594ddfcd0d735e140512017e8
  • Instruction Fuzzy Hash: D8018631940669EFDB119F58DC09FAEBBB8FB44B54F408529F825E2690DB78D904CB60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
			E00880DE0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				signed int _t41;
				intOrPtr _t46;
				signed int _t49;
				void* _t53;
				signed int _t57;
				void* _t63;
				intOrPtr _t65;
				void* _t66;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t72;
				intOrPtr* _t92;
				intOrPtr* _t95;
				intOrPtr* _t97;
				signed int _t98;
				void* _t99;
				intOrPtr* _t100;
				intOrPtr* _t102;
				void* _t105;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0x886008; // 0xb2d62b2
				_v8 = _t41 ^ _t98;
				_t72 = _a20;
				if(_t72 > 0) {
					_t70 = E008820AF(_a16, _t72);
					_t105 = _t70 - _t72;
					_t4 = _t70 + 1; // 0x1
					_t72 = _t4;
					if(_t105 >= 0) {
						_t72 = _t70;
					}
				}
				_t76 = _a32;
				if(_a32 == 0) {
					_t69 =  *((intOrPtr*)( *_a4 + 8));
					_t76 = _t69;
					_a32 = _t69;
				}
				_t46 = E0087E730(_t76, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t72, 0, 0);
				_t100 = _t99 + 0x18;
				_v12 = _t46;
				if(_t46 == 0) {
					L41:
					return E00877061(_v8 ^ _t98);
				} else {
					_t16 = _t46 + _t46 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t46 + _t46 & _t16;
					if(_t49 == 0) {
						_t95 = 0;
						L39:
						_t74 = 0;
						L40:
						E0087FE93(_t95);
						goto L41;
					}
					if(_t49 > 0x400) {
						_t92 = E0087FCEE(_t49);
						if(_t92 == 0) {
							L13:
							_t95 = _t92;
							if(_t92 == 0) {
								goto L39;
							}
							_t53 = E0087E730(_a32, 1, _a16, _t72, _t92, _v12);
							_t102 = _t100 + 0x18;
							if(_t53 == 0) {
								goto L39;
							}
							_t96 = _v12;
							_t74 = E0087EBF4(_a8, _a12, _t92, _v12, 0, 0, 0, 0, 0);
							if(_t74 == 0) {
								L19:
								_t95 = _t92;
								goto L39;
							}
							if((_a12 & 0x00000400) == 0) {
								_t31 = _t74 + _t74 + 8; // 0x8
								asm("sbb eax, eax");
								_t57 = _t74 + _t74 & _t31;
								if(_t57 == 0) {
									_t97 = 0;
									L37:
									E0087FE93(_t97);
									goto L19;
								}
								if(_t57 > 0x400) {
									_t97 = E0087FCEE(_t57);
									if(_t97 == 0) {
										goto L37;
									}
									 *_t97 = 0xdddd;
									L28:
									_t97 = _t97 + 8;
									if(_t97 == 0 || E0087EBF4(_a8, _a12, _t92, _v12, _t97, _t74, 0, 0, 0) == 0) {
										goto L37;
									} else {
										_push(0);
										_push(0);
										if(_a28 != 0) {
											_push(_a28);
											_push(_a24);
										} else {
											_push(0);
											_push(0);
										}
										_push(_t74);
										_push(_t97);
										_push(0);
										_push(_a32);
										_t63 = E0087E7AC();
										_t74 = _t63;
										if(_t63 == 0) {
											goto L37;
										} else {
											E0087FE93(_t97);
											L34:
											_t95 = _t92;
											goto L40;
										}
									}
								}
								E00884740();
								_t97 = _t102;
								if(_t97 == 0) {
									goto L37;
								}
								 *_t97 = 0xcccc;
								goto L28;
							}
							_t65 = _a28;
							if(_t65 == 0) {
								goto L34;
							}
							if(_t74 <= _t65) {
								_t66 = E0087EBF4(_a8, _a12, _t92, _t96, _a24, _t65, 0, 0, 0);
								_t74 = _t66;
								if(_t66 != 0) {
									goto L34;
								}
							}
							goto L19;
						}
						 *_t92 = 0xdddd;
						L12:
						_t92 = _t92 + 8;
						goto L13;
					}
					E00884740();
					_t92 = _t100;
					if(_t92 == 0) {
						goto L13;
					}
					 *_t92 = 0xcccc;
					goto L12;
				}
			}

APIs
  • __alloca_probe_16.LIBCMT ref: 00880E67
  • __alloca_probe_16.LIBCMT ref: 00880F28
  • __freea.LIBCMT ref: 00880F8F
    • Part of subcall function 0087FCEE: RtlAllocateHeap.NTDLL(00000000,00000000,0087CADD,?,0087D7D3,00884D18,00000000,?,0087BD92,00000000,0087CADD,0088743C,?,00887438,?,0087C8D7), ref: 0087FD20
  • __freea.LIBCMT ref: 00880FA4
  • __freea.LIBCMT ref: 00880FB4
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: __freea$__alloca_probe_16$AllocateHeap
  • String ID:
  • API String ID: 1423051803-0
  • Opcode ID: b8bb7101bb95be6a2d0fd6baf22b01ae42919982aaa2a567f57e95e77c6d6ceb
  • Instruction ID: d359d22fbd007ef3b5a412c831c3b95b02ee266dc1e57dbe3ea264964bfa5c5e
  • Opcode Fuzzy Hash: b8bb7101bb95be6a2d0fd6baf22b01ae42919982aaa2a567f57e95e77c6d6ceb
  • Instruction Fuzzy Hash: 9151C37260021A6FEF71AFA8CC41EBB76A9FF44354B158568FE08D6191EB70CC149FA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 79%
			E008811C1(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				void* _t296;
				struct _OVERLAPPED* _t297;
				signed int _t301;
				signed int _t303;
				struct _OVERLAPPED* _t304;
				signed char* _t307;
				intOrPtr* _t308;
				signed int _t310;
				long _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				void* _t316;
				void* _t317;

				_push(0xffffffff);
				_push(0x884cee);
				_push( *[fs:0x0]);
				_t316 = _t315 - 0x74;
				_t177 =  *0x886008; // 0xb2d62b2
				_t178 = _t177 ^ _t314;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t307 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t307;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_t13 = _t268 + 0x18; // 0xfffffffe
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x8871e8 + _t291 * 4)) + _t13));
				_v88 = _a16 + _t307;
				_t186 = GetConsoleOutputCP();
				_t318 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E0087D050(_t265, _t291, _t318);
				}
				_t308 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t301 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x8871e8 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t301 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t301 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x8871e8 + _v84 * 4) + _t301 + 0x2d) =  *( *(0x8871e8 + _v84 * 4) + _t301 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t308 + 4)) = _v76 + 1;
									} else {
										_t224 = E0088074F(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t317 = _t316 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t301 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t301 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E0088074F(_t273, _t292);
								_t317 = _t316 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t301;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t303 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x886758; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t303;
								if(_t281 > _t303) {
									__eflags = _t303;
									if(_t303 <= 0) {
										goto L44;
									} else {
										_t310 = _v72;
										do {
											 *((char*)( *(0x8871e8 + _v84 * 4) + _t310 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t303;
										} while (_t267 < _t303);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00881FA7( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t317 = _t316 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t301 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x886758)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t303) {
									__eflags = _t303;
									if(_t303 > 0) {
										_t248 = _v52;
										_t311 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t296 =  *(0x8871e8 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											 *((char*)(_t296 + _t311 + 0x2e)) = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t303;
										} while (_t267 < _t303);
										L43:
										_t308 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t308 + 4)) =  *((intOrPtr*)(_t308 + 4)) + _t303;
								} else {
									_t287 = _v48;
									_t304 = _t267;
									_t312 = _v80;
									do {
										 *((char*)(_t314 + _t304 - 0x18)) =  *_t312;
										_t304 =  &(_t304->Internal);
										_t312 = _t312 + 1;
									} while (_t304 < _t287);
									_t305 = _v76;
									if(_v76 > 0) {
										E00878160( &_v28 + _t287, _t292, _t305);
										_t287 = _v48;
										_t316 = _t316 + 0xc;
									}
									_t301 = _v72;
									_t297 = _t267;
									_t313 = _v84;
									do {
										 *( *((intOrPtr*)(0x8871e8 + _t313 * 4)) + _t301 + _t297 + 0x2e) = _t267;
										_t297 =  &(_t297->Internal);
									} while (_t297 < _t287);
									_t308 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00881FA7( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t317 = _t316 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E0087E7AC(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t316 = _t317 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t308 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t308 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t308 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t308 + 8)) =  *((intOrPtr*)(_t308 + 8)) + 1;
																 *((intOrPtr*)(_t308 + 4)) =  *((intOrPtr*)(_t308 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t308 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				return E00877061(_v20 ^ _t314);
				goto L52;
			}

APIs
  • GetConsoleOutputCP.KERNEL32(0B2D62B2,?,00000000,00884D18), ref: 00881224
    • Part of subcall function 0087E7AC: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00880F85,?,00000000,-00000008), ref: 0087E858
  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0088147F
  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008814C7
  • GetLastError.KERNEL32 ref: 0088156A
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
  • String ID:
  • API String ID: 2112829910-0
  • Opcode ID: fd2e87432419eef74fe0d6e6fe840926de473f56d7ec961a6365519e5d18b661
  • Instruction ID: d14916668f691c03e3a2156e254f9ca467517351f14f3e81299459b4392373ab
  • Opcode Fuzzy Hash: fd2e87432419eef74fe0d6e6fe840926de473f56d7ec961a6365519e5d18b661
  • Instruction Fuzzy Hash: 93D167B5E002489FCF11DFE8D8849ADBBB9FF49314F18452AE856EB351DB30A942CB50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E0087A505(void* __eflags) {
				signed char* _t52;
				signed int _t53;
				signed int _t57;
				signed int _t60;
				intOrPtr _t70;
				signed int _t73;
				signed int _t77;
				signed char _t79;
				signed char _t82;
				intOrPtr _t83;
				signed int _t84;
				signed int _t85;
				signed int _t96;
				signed char _t98;
				signed int* _t99;
				signed char* _t101;
				signed int _t106;
				void* _t110;

				E00877A10(0x884e18, 0x10);
				_t73 = 0;
				_t52 =  *(_t110 + 0x10);
				_t79 = _t52[4];
				if(_t79 == 0 ||  *((intOrPtr*)(_t79 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t82 = _t52[8];
					if(_t82 != 0 ||  *_t52 < 0) {
						_t98 =  *_t52;
						_t106 =  *(_t110 + 0xc);
						if(_t98 >= 0) {
							_t106 = _t106 + 0xc + _t82;
						}
						 *(_t110 - 4) = _t73;
						_t101 =  *(_t110 + 0x14);
						if(_t98 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t83 =  *((intOrPtr*)(_t110 + 8));
							__eflags = _t98 & 0x00000008;
							if(__eflags == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t83 + 0x18);
									__eflags = _t101[0x18] - _t73;
									if(_t101[0x18] != _t73) {
										__eflags = _t84;
										if(__eflags == 0) {
											goto L32;
										} else {
											__eflags = _t106;
											if(__eflags == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t77 = 0;
												_t73 = (_t77 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t73;
												 *(_t110 - 0x20) = _t73;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(__eflags == 0) {
											goto L32;
										} else {
											__eflags = _t106;
											if(__eflags == 0) {
												goto L32;
											} else {
												E00877BE0(_t106, E0087B407(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t83 + 0x18);
									if(__eflags == 0) {
										goto L32;
									} else {
										__eflags = _t106;
										if(__eflags == 0) {
											goto L32;
										} else {
											E00877BE0(_t106,  *(_t83 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t106;
												if( *_t106 != 0) {
													_push( &(_t101[8]));
													_push( *_t106);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t96 =  *(_t83 + 0x18);
								goto L12;
							}
						} else {
							_t70 =  *0x886d24; // 0x0
							 *((intOrPtr*)(_t110 - 0x1c)) = _t70;
							if(_t70 == 0) {
								goto L10;
							} else {
								 *0x88814c();
								_t96 =  *((intOrPtr*)(_t110 - 0x1c))();
								L12:
								if(_t96 == 0 || _t106 == 0) {
									L32:
									E0087CEBD(__eflags);
									asm("int3");
									E00877A10(0x884e38, 8);
									_t99 =  *(_t110 + 0x10);
									_t85 =  *(_t110 + 0xc);
									__eflags =  *_t99;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t99[2];
										__eflags = _t85 + 0xc + _t99[2];
									} else {
										_t103 = _t85;
									}
									 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
									_t107 =  *(_t110 + 0x14);
									_push( *(_t110 + 0x14));
									_push(_t99);
									_push(_t85);
									_t75 =  *((intOrPtr*)(_t110 + 8));
									_push( *((intOrPtr*)(_t110 + 8)));
									_t57 = E0087A505(__eflags) - 1;
									__eflags = _t57;
									if(_t57 == 0) {
										_t60 = E0087B25F(_t103, _t107[0x18], E0087B407( *((intOrPtr*)(_t75 + 0x18)),  &(_t107[8])));
									} else {
										_t60 = _t57 - 1;
										__eflags = _t60;
										if(_t60 == 0) {
											_t60 = E0087B26F(_t103, _t107[0x18], E0087B407( *((intOrPtr*)(_t75 + 0x18)),  &(_t107[8])), 1);
										}
									}
									 *(_t110 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0x10));
									return _t60;
								} else {
									 *_t106 = _t96;
									_push( &(_t101[8]));
									_push(_t96);
									L21:
									 *_t106 = E0087B407();
									L29:
									 *(_t110 - 4) = 0xfffffffe;
									_t53 = _t73;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: AdjustPointer
  • String ID:
  • API String ID: 1740715915-0
  • Opcode ID: ae37863094b033a515cdf54b4b7a9835b7df8256066d67ad30d3c0a881ace0cd
  • Instruction ID: 02f0440126ee117eff6102fd9a2affb0064db5d4a89301d5939a585cbff03299
  • Opcode Fuzzy Hash: ae37863094b033a515cdf54b4b7a9835b7df8256066d67ad30d3c0a881ace0cd
  • Instruction Fuzzy Hash: 1151DE766012029FDB2C9F54C841B6E77A5FFA4314F28882DE90ED6299D731EC41CB92
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E008829D6(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x886860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E008829BF();
					E00882981();
					_t13 = WriteConsoleW( *0x886860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

APIs
  • WriteConsoleW.KERNEL32(?,00884D18,00000000,00000000,?,?,0088218A,?,00000001,?,00884D18,?,008815BE,00884D18,?,00000000), ref: 008829ED
  • GetLastError.KERNEL32(?,0088218A,?,00000001,?,00884D18,?,008815BE,00884D18,?,00000000,00884D18,00884D18,?,00881B45,?), ref: 008829F9
    • Part of subcall function 008829BF: CloseHandle.KERNEL32(FFFFFFFE,00882A09,?,0088218A,?,00000001,?,00884D18,?,008815BE,00884D18,?,00000000,00884D18,00884D18), ref: 008829CF
  • ___initconout.LIBCMT ref: 00882A09
    • Part of subcall function 00882981: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008829B0,00882177,00884D18,?,008815BE,00884D18,?,00000000,00884D18), ref: 00882994
  • WriteConsoleW.KERNEL32(?,00884D18,00000000,00000000,?,0088218A,?,00000001,?,00884D18,?,008815BE,00884D18,?,00000000,00884D18), ref: 00882A1E
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
  • String ID:
  • API String ID: 2744216297-0
  • Opcode ID: 54ba4b1a69c47cbf371b494c61244d1dc2b1de061bbcd36ede7597ae1ad12d8c
  • Instruction ID: 07e86ca2d8c9a95c9706707d739166b117a232a17d62926d6755d1607b259333
  • Opcode Fuzzy Hash: 54ba4b1a69c47cbf371b494c61244d1dc2b1de061bbcd36ede7597ae1ad12d8c
  • Instruction Fuzzy Hash: A0F0C936951129FBCF627F99DC48E9A3FA6FF087A1F444020FA19D5130EB329820DB91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 63%
			E0087AAFB(signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed int _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				signed int _t98;
				signed int _t99;
				void* _t100;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				void* _t110;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E00879A26(_t96, _t100, _t110, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E00879A26(_t96, _t100, _t110, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E0087A22C(_t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E0087A15E(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E0087A6DC(_t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E0087CEBD(__eflags);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					__eflags = _t78;
					if(_t78 == 0) {
						L41:
						_t80 = 1;
						__eflags = 1;
					} else {
						_t101 = _t78 + 8;
						__eflags =  *_t101;
						if( *_t101 == 0) {
							goto L41;
						} else {
							__eflags =  *_t111 & 0x00000080;
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0) {
								L23:
								_t97 = _t116[4];
								_t123 = 0;
								__eflags = _t78 - _t97;
								if(_t78 == _t97) {
									L33:
									__eflags =  *_t116 & 0x00000002;
									if(( *_t116 & 0x00000002) == 0) {
										L35:
										_t81 = _a8;
										__eflags =  *_t81 & 0x00000001;
										if(( *_t81 & 0x00000001) == 0) {
											L37:
											__eflags =  *_t81 & 0x00000002;
											if(( *_t81 & 0x00000002) == 0) {
												L39:
												_t123 = 1;
												__eflags = 1;
											} else {
												__eflags =  *_t111 & 0x00000002;
												if(( *_t111 & 0x00000002) != 0) {
													goto L39;
												}
											}
										} else {
											__eflags =  *_t111 & 0x00000001;
											if(( *_t111 & 0x00000001) != 0) {
												goto L37;
											}
										}
									} else {
										__eflags =  *_t111 & 0x00000008;
										if(( *_t111 & 0x00000008) != 0) {
											goto L35;
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										__eflags = _t98 -  *_t82;
										if(_t98 !=  *_t82) {
											break;
										}
										__eflags = _t98;
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											__eflags = _t99 -  *((intOrPtr*)(_t82 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												__eflags = _t99;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										__eflags = _t83;
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									__eflags = _t83;
									goto L31;
								}
							} else {
								__eflags =  *_t116 & 0x00000010;
								if(( *_t116 & 0x00000010) != 0) {
									goto L41;
								} else {
									goto L23;
								}
							}
						}
					}
					L42:
					return _t80;
				}
			}

APIs
  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0087AB20
Strings
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: EncodePointer
  • String ID: MOC$RCC
  • API String ID: 2118026453-2084237596
  • Opcode ID: 75a4b15a6789f6f30522226f82ab0336d00647f805454d58b93851255a14061b
  • Instruction ID: 66d0c12986c47a7bb394a452171fe9722cf665e9779b0545ec7d670a7670a3ad
  • Opcode Fuzzy Hash: 75a4b15a6789f6f30522226f82ab0336d00647f805454d58b93851255a14061b
  • Instruction Fuzzy Hash: 47415C71900209AFCF1ADF98CD81AEEBBB5FF88314F148159F908A7259D335D990DB52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00876F49(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t13;

				_t13 = __ecx;
				E00876F9C(__ecx);
				 *__ecx = 0x38;
				 *((intOrPtr*)(__ecx + 8)) = 0x870000;
				 *((intOrPtr*)(__ecx + 4)) = 0x870000;
				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
				 *((intOrPtr*)(__ecx + 0x10)) = 0x871050;
				if(E00876161(__ecx + 0x14) < 0) {
					if(IsDebuggerPresent() != 0) {
						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
					}
					 *0x887434 = 1;
				}
				return _t13;
			}

APIs
    • Part of subcall function 00876161: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00876166
    • Part of subcall function 00876161: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00876170
  • IsDebuggerPresent.KERNEL32(?,008760DE,?,?,?), ref: 00876F7C
  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,008760DE,?,?,?), ref: 00876F8B
Strings
  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00876F86
Memory Dump Source
  • Source File: 00000000.00000002.232253208.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
  • Associated: 00000000.00000002.232246639.0000000000870000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232273312.0000000000886000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.232279932.0000000000888000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_870000_GoogleUpdate.jbxd
Similarity
  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
  • API String ID: 450123788-631824599
  • Opcode ID: f685e5a9e74381bc32c1fbe4c125d0b837d5bc5dd2def8cf0b8e807e3bedce09
  • Instruction ID: aecf748d1d4f6192951190e11e1d0859910a0424c6b51375073b61f66e4dbc30
  • Opcode Fuzzy Hash: f685e5a9e74381bc32c1fbe4c125d0b837d5bc5dd2def8cf0b8e807e3bedce09
  • Instruction Fuzzy Hash: 48E03270200F41CEC7719F6CE9087467AE4FB10344B40C82CE49EC2649EFB5E4888BA2
Uniqueness

Uniqueness Score: -1.00%